KORTHEXkorthex.flowence.cc

Jurisdictions / Australia

Australia: ASD Information Security Manual

The Australia overlay carries 4 jurisdiction rules built on the cryptography chapter of the ASD Information Security Manual (ISM), scoped to OFFICIAL-classified data. Findings graded by the overlay carry the ASD-ISM framework tag, giving Australian government entities and their suppliers ISM-aligned evidence with file and line detail.

What the ISM expects

  • Approved cryptographic algorithms and protocols for OFFICIAL data, per the ISM's cryptography guidelines
  • Deprecated and legacy mechanisms flagged wherever they appear in code, configuration or TLS
  • An inventory posture: knowing which cryptography protects which data is the premise of the ISM's controls

Recommended configuration

The Australian Government profile activates the Korthex-curated base plus this overlay. For suppliers working across jurisdictions, the overlay stacks cleanly on NIST or BSI channels, and the CBOM provides the evidence artifact ISM-aligned assessments (including IRAP engagements) ask to see for the cryptography controls.

Frequently asked questions

Does the overlay cover classified levels above OFFICIAL?

The shipped rules target OFFICIAL-classified data. Higher classifications carry requirements beyond a source-level scanner's scope.

Can this support an IRAP assessment?

It produces the cryptographic evidence slice: which mechanisms are in use, where, and how they grade against the ISM's cryptography guidelines. The assessment itself remains with your IRAP assessor.

How current are the ISM rules?

The overlay follows the same 24-hour signed update cycle as every channel, so ISM guideline changes propagate without a product update.