ASD ISM — control change analysis

OSCAL releases 2022-09-14 → 2026-06-18 · controls only · baseline v2022.09.14 (820 controls)

Introduction

The Australian Signals Directorate (ASD) / Australian Cyber Security Centre (ACSC) maintains the Information Security Manual (ISM). The ISM is a cyber security framework that an organisation can apply, using their risk management framework, to protect their information technology and operational technology systems from cyber threats.

ISMexplorer takes the outputs of the ISM publication and change management process, specifically the OSCAL releases, and provides an analysis of the changes both over a long period as well as between versions.

The content in ISMexplorer is updated when ISM itself is updated, typically quarterly.

Releases analysed

17 / 7

Substantive / errata

+281

Catalogue growth

342

New controls added

Controls removed

185

Substantive edits

Longitudinal overview

Change typology per release

Classification footprint of material changes

Level-specific material changes (full-scope excluded)

Releases

Click a release to open its incremental report. Errata / format-only rows are dimmed — no content change. Counts are controls; sub-rate = (added + substantive) ÷ catalogue size.

Release	Date	Type	Added	Subst	Clarif	Edit	Reloc	Scope	Size	Sub-rate
v2026.06.18	2026-06-18	substantive	20	23	44	38	149	0	1101	0.039
v2026.03.24	2026-03-24	substantive	9	4	9	4	6	0	1081	0.012
v2025.12.9	2025-12-09	substantive	21	3	15	59	16	0	1073	0.022
v2025.10.8	2025-10-08	errata/format-only	0	0	0	0	0	0	1058	0.000
v2025.09.15	2025-09-15	errata/format-only	0	0	0	0	0	0	1058	0.000
v2025.09.10	2025-09-10	substantive	5	1	6	5	7	0	1058	0.006
v2025.07.16	2025-07-16	substantive	51	9	55	16	20	0	1053	0.057
v2025.03.31	2025-03-31	substantive	24	13	33	41	49	1	1003	0.037
v2024.12.19	2024-12-19	substantive	31	9	18	21	11	0	980	0.041
v2024.10.4	2024-10-04	errata/format-only	0	0	0	0	0	0	953	0.000
v2024.09.26	2024-09-26	substantive	40	6	8	15	6	0	953	0.048
v2024.06.18	2024-06-18	substantive	7	3	15	55	82	0	913	0.011
v2024.03.12	2024-03-12	errata/format-only	0	0	0	0	0	0	906	0.000
v2024.03.5	2024-03-05	substantive	5	1	1	1	0	0	906	0.007
v2023.12.1	2023-12-01	substantive	33	26	33	12	11	1	904	0.065
v2023.09.25	2023-09-25	errata/format-only	0	0	0	0	0	0	898	0.000
v2023.09.21	2023-09-21	substantive	16	19	36	33	38	2	898	0.039
v2023.08.3	2023-08-03	errata/format-only	0	0	0	0	0	0	883	0.000
v2023.06.29	2023-06-29	substantive	12	7	22	3	13	0	883	0.021
v2023.04.12	2023-04-12	substantive	0	0	1	0	0	0	877	0.000
v2023.03.5	2023-03-05	errata/format-only	0	0	0	0	0	0	877	0.000
v2023.03.3	2023-03-03	substantive	33	21	18	4	50	10	877	0.062
v2022.12.1	2022-12-01	substantive	16	31	66	9	24	1	850	0.055
v2022.09.15	2022-09-15	substantive	19	9	12	4	42	0	837	0.034

About

ISMexplorer is an analytical tool and publication by Baden Hughes, an independent security and compliance engineer. You can contact him via: hello@ismexplorer.org or signup to our low-volume announcements list.

Generated by ISMexplorer v1.0.0 — longitudinal and per-release analysis of ASD Information Security Manual control changes.

Information Security Manual (ISM) published by Australian Signals Directorate / Australian Cyber Security Centre and © Commonwealth of Australia 2022-2026;
ISMexplorer analysis tool and publication © Baden Hughes, 2022-2026