ISM-1967

System owners, in consultation with each system’s authorising officer, ensure controls for each TOP SECRET system and its operating environment, including each sensitive compartmented information system and its operating environment, undergo a security assessment by ASD assessors (or their delegates) to determine if they have been implemented correctly and are operating as intended.

Topic: Protecting systems and their resources
Applicable to: Top Secret

History

Mar 2025
System owners, in consultation with each system’s authorising officer, ensure controls for each TOP SECRET system and its operating environment, including each sensitive compartmented information system and its operating environment, undergo a security assessment by ASD assessors (or their delegates) to determine if they have been implemented correctly and are operating as intended.
The existing control recommending that system owners ensure controls for each TOP SECRET system and its operating environment, including each sensitive compartmented information system and its operating environment, undergo a security assessment by ASD assessors (or their delegates) to determine if they have been implemented correctly and are operating as intended was amended to recommend that this activity be conducted in consultation with the system’s authorising officer.
Dec 2024
System owners ensure controls for each TOP SECRET system and its operating environment, including each sensitive compartmented information system and its operating environment, undergo a security assessment by Australian Signals Directorate (ASD) assessors (or their delegates) to determine if they have been implemented correctly and are operating as intended.
The existing control recommending that system owners ensure controls for each system and its operating environment are assessed to determine if they have been implemented correctly and are operating as intended was split into two controls to clearly articulate that non-classified, OFFICIAL: Sensitive, PROTECTED and SECRET systems can be assessed by an organisation’s own assessors or an IRAP assessor while TOP SECRET systems, including sensitive compartmented information systems, need to be assessed by ASD assessors (or their delegates).
ISM-1636, ISM-1967