ASD ISM — incremental change analysis

Release v2025.09.10 (2025-09-10) vs prior v2025.07.16 · 56 days · catalogue 1058 controls · NC-explicit era

ASD changes summary: ISM September 2025 changes (PDF) ↗

Added

Substantive

Clarification

Editorial

Relocated

Scope changes

Removed

1 · Change typology

2 · Classification footprint

Ceiling (highest level reached) / Floor (lowest level reached) — material changes

Level	as ceiling	as floor
TOP SECRET	6	0
SECRET	0	2
PROTECTED	0	0
OFFICIAL: Sensitive	0	0
Non-Classified	0	4

3 · Level-specific material changes

Footprint	Floor	Ceiling	Controls
`S\|TS`	SECRET	TOP SECRET	ISM-2069 ISM-2070

4 · Change location by chapter

5 · Control call-outs by category

Added — new controls (5)

Control	Footprint	Location	Statement (excerpt)
ISM-2069	`S\|TS`	Guidelines for physical security › Bringing photographic and video recording devices into facilities	An authorised photographic and video recording device register for SECRET and TOP SECRET areas is developed, implemented, maintained and verified on a…
ISM-2070	`S\|TS`	Guidelines for physical security › Bringing photographic and video recording devices into facilities	Unauthorised photographic and video recording devices are not brought into SECRET and TOP SECRET areas.
ISM-2071	`NC\|OS\|P\|S\|TS`	Guidelines for personnel security › Managing and reporting suspicious requests to disclose or change user account details	Personnel dealing with user account details are advised of what social engineering attacks are, how to manage such situations and how to report them.
ISM-2072	`NC\|OS\|P\|S\|TS`	Guidelines for software development › Secure artificial intelligence application development	Artificial intelligence models are stored in a file format that does not allow arbitrary code execution.
ISM-2073	`NC\|OS\|P\|S\|TS`	Guidelines for cryptography › Transitioning to post-quantum cryptography	A post-quantum cryptography transition plan is developed, implemented and maintained.

Substantive amendments (1)

Control	Edit dist	Location	Statement (excerpt)
ISM-1924	0.93	Guidelines for software development › Secure artificial intelligence application development	Generative artificial intelligence applications evaluate user prompts to detect and mitigate adversarial inputs or suffixes designed to illicit uninte…

Clarifications (6)

Control	Edit dist	Location
ISM-0457	0.13	Guidelines for cryptography › Cryptographic implementation assurance
ISM-0455	0.11	Guidelines for cryptography › Data recovery
ISM-0465	0.09	Guidelines for cryptography › Cryptographic implementation assurance
ISM-0481	0.09	Guidelines for cryptography › Using ASD-Approved Cryptographic Protocols
ISM-0471	0.08	Guidelines for cryptography › Using ASD-Approved Cryptographic Algorithms
ISM-0665	0.06	Guidelines for data transfers › Authorising export of data

Editorial / grammatical (5)

Cosmetic edits (normalised edit distance < 0.05). ISM-0664, ISM-0675, ISM-1657, ISM-1917, ISM-2029

Relocated (7)

0 cross-chapter moves (listed) · 7 intra-chapter section/topic reshuffles (count only).

Scope / applicability changes (0)

No control changed its classification reach this release.

Removed (0)

None.

Method. Controls only (ISM-principles excluded). A content modification requires ASD's native revision/updated stamp to move (0 prose-only re-renders excluded as format noise). Relocation compares case/spelling-normalised chapter›section›topic paths. Nature = normalised edit distance (editorial <0.05, clarification <0.25, substantive ≥0.25 — uncalibrated). Footprints normalised across schemes (O→OS, ALL→NC|OS|P|S|TS); pre-Dec-2024 NC imputed.

Generated by ISMexplorer v1.0.0 — longitudinal and per-release analysis of ASD Information Security Manual control changes.

Information Security Manual (ISM) published by Australian Signals Directorate / Australian Cyber Security Centre and © Commonwealth of Australia 2022-2026;
ISMexplorer analysis tool and publication © Baden Hughes, 2022-2026