ASD Strategies to Mitigate Cyber Security Incidents

Australia

v2017

9 domains

37 controls

A prioritised list of 37 mitigation strategies published by the Australian Signals Directorate to help organisations protect themselves against cyber threats. The Essential Eight is a subset of these strategies.

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (9)

Detecting Cyber Security Incidents and Responding

6 controls

Strategies for detecting and responding to cyber security incidents

Controls in the Detecting Cyber Security Incidents and Responding domain of ASD Strategies to Mitigate Cyber Security Incidents — 6 controls
Code	Title	Description
ASD37-28	Continuous incident detection and response (Excellent)	Continuous incident detection and response with a 24/7 cyber security operations capability for automated and manual ana...
ASD37-29	Host-based IDS/IPS (Very Good)	Host-based intrusion detection/prevention system to identify anomalous behaviour and known malicious activity.
ASD37-30	Endpoint detection and response (Very Good)	Endpoint detection and response software on all computers for centralised analysis and reporting of threat indicators.
ASD37-31	Hunt to discover incidents (Very Good)	Hunt to discover cyber security incidents based on knowledge of adversary tradecraft and analysis of logs, events and ot...
ASD37-32	Network-based IDS/IPS (Limited)	Network-based intrusion detection/prevention system using signatures and heuristics to identify anomalous traffic.
ASD37-33	Capture network traffic (Limited)	Capture network traffic to and from corporate computers and store for at least several days to support the detection of...

Extended Strategy

0 controls

Limiting the Extent of Cyber Security Incidents

10 controls

Strategies to limit the extent and impact of cyber security incidents

Controls in the Limiting the Extent of Cyber Security Incidents domain of ASD Strategies to Mitigate Cyber Security Incidents — 10 controls
Code	Title	Description
ASD37-18	Restrict administrative privileges (Essential)	Restrict administrative privileges to operating systems and applications based on user duties. Regularly revalidate the...
ASD37-19	Patch operating systems (Essential)	Patch/mitigate computers (including network devices) with extreme risk vulnerabilities within 48 hours. Use the latest v...
ASD37-20	Multi-factor authentication (Essential)	Multi-factor authentication including for VPNs, RDP, SSH and other remote access, and for all users when they perform a...
ASD37-21	Disable local administrator accounts (Excellent)	Disable local administrator accounts or assign unique, complex, unpredictable passphrases to each, using a tool such as...
ASD37-22	Network segmentation (Excellent)	Network segmentation and segregation to limit the impact of an intrusion. Deny traffic between computers unless required...
ASD37-23	Protect authentication credentials (Excellent)	Protect authentication credentials by removing them from memory when no longer needed. Use credential caching only when...
ASD37-24	Non-persistent virtualised sandboxed environment (Very Good)	Non-persistent virtualised sandboxed environment for risky activities such as processing untrusted documents and web bro...
ASD37-25	Software firewall - inbound (Very Good)	Software-based application firewall, blocking incoming network traffic that is malicious or unauthorised.
ASD37-26	Software firewall - outbound (Very Good)	Software-based application firewall, blocking outgoing network traffic that is not generated by approved/legitimate prog...
ASD37-27	Outbound data loss prevention (Very Good)	Outbound web and email data loss prevention to detect and block large or unusual volumes of data or sensitive data being...

Preventing Malicious Insiders

1 controls

Strategies for preventing and detecting malicious insider threats

Controls in the Preventing Malicious Insiders domain of ASD Strategies to Mitigate Cyber Security Incidents — 1 controls
Code	Title	Description
ASD37-37	Personnel management (Very Good)	Personnel management including pre-employment checks, ongoing security awareness training, and management of disgruntled...

Preventing Malware Delivery and Execution

17 controls

Strategies to prevent malware from being delivered to and executed on systems

Controls in the Preventing Malware Delivery and Execution domain of ASD Strategies to Mitigate Cyber Security Incidents — 17 controls
Code	Title	Description
ASD37-01	Application control (Essential)	Application control to prevent execution of unapproved/malicious programs including .exe, DLL, scripts and installers.
ASD37-02	Patch applications (Essential)	Patch/mitigate computers with extreme risk vulnerabilities within 48 hours. Use the latest version of applications.
ASD37-03	Configure Microsoft Office macro settings (Essential)	Configure Microsoft Office macro settings to block macros from the internet, and only allow vetted macros either in Trus...
ASD37-04	User application hardening (Essential)	Configure web browsers to block Flash, ads and Java on the internet. Disable unneeded features in Microsoft Office, web...
ASD37-05	Automated dynamic analysis of email and web content (Excellent)	Automated dynamic analysis to detonate and analyse content run in a sandbox, e.g. by an email gateway or web proxy. Enri...
ASD37-06	Email content filtering (Excellent)	Filter emails and their content. Only allow approved attachment types. Inspect content for malware. Analyse links.
ASD37-07	Web content filtering (Excellent)	Filter incoming and outgoing web traffic. Allow only approved types of web content. Inspect incoming web content for mal...
ASD37-08	Deny direct internet connectivity (Excellent)	Deny corporate computers direct internet connectivity. Web and email traffic should transit through a content-checking p...
ASD37-09	OS generic exploit mitigation (Excellent)	Operating system generic exploit mitigation e.g. Data Execution Prevention (DEP), Address Space Layout Randomisation (AS...
ASD37-10	Server application hardening (Very Good)	Harden server applications (e.g. web, email, collaboration, database) including removing unneeded features, applying ven...
ASD37-11	Operating system hardening (Very Good)	Harden operating systems based on vendor guidance and ASD guidance. Remove unneeded software, services and ports.
ASD37-12	Antivirus software with heuristics (Very Good)	Antivirus software using heuristics and reputation ratings to check a file's prevalence and digital signature prior to e...
ASD37-13	Control removable storage media (Very Good)	Control removable storage media and connected devices. Block USB storage devices. Disable AutoRun/AutoPlay.
ASD37-14	Block spoofed emails (Very Good)	Block spoofed emails. Use Sender Policy Framework (SPF) or Sender ID to check incoming emails. Use DKIM and DMARC for ou...
ASD37-15	User education (Limited)	User education regarding applicable threats, reporting of suspicious emails, websites and activity, and the consequences...
ASD37-16	Antivirus software with signatures (Limited)	Antivirus software with up-to-date signatures to identify known malware.
ASD37-17	TLS encryption between email servers (Limited)	TLS encryption between email servers to protect the confidentiality of emails in transit between organisations.

Recovering Data and System Availability

3 controls

Strategies for recovering from cyber security incidents

Controls in the Recovering Data and System Availability domain of ASD Strategies to Mitigate Cyber Security Incidents — 3 controls
Code	Title	Description
ASD37-34	Regular backups (Essential)	Regular backups of important new/changed data, software and configuration settings, stored disconnected, retained for at...
ASD37-35	Business continuity and disaster recovery plans (Very Good)	Business continuity and disaster recovery plans which are tested, including for the scenario of a complete loss of compu...
ASD37-36	System recovery capabilities (Very Good)	System recovery capabilities including standard operating environment images to restore computers to a known good state.

Top 4 (Limit Extent of Incidents)

0 controls

Top 4 (Prevent Malware)

0 controls

Top 4 (Recover Data and System Availability)

0 controls

Your Compliance Coverage

If you comply with ASD Strategies to Mitigate Cyber Security Incidents, you already cover:

Oman National Cybersecurity Framework

54%

20 controls mapped

Compare →

NIST SP 800-171A - Assessing Security Requirements for Controlled Unclassified Information (CUI)

54%

20 controls mapped

Compare →

ISO 27001:2022

51%

19 controls mapped

Compare →

+ 273 more: NIST SP 800-82 Revision 3: Guide to Industrial Control Systems (ICS) Security (49%), NIST SP 800-146 (46%)

See all 276 mapped frameworks ↓

Maps to 276 other frameworks

37 total controls

Oman National Cybersecurity Framework

20 source controls mapped|6 target controls covered

54%

NIST SP 800-171A - Assessing Security Requirements for Controlled Unclassified Information (CUI)

20 source controls mapped|18 target controls covered

54%

ISO 27001:2022

19 source controls mapped|16 target controls covered

51%

NIST SP 800-82 Revision 3: Guide to Industrial Control Systems (ICS) Security

18 source controls mapped|6 target controls covered

49%

NIST SP 800-146

17 source controls mapped|3 target controls covered

46%

NIST SP 800-145

17 source controls mapped|4 target controls covered

46%

NIST SP 800-144

17 source controls mapped|7 target controls covered

46%

MTCS (Singapore)

17 source controls mapped|5 target controls covered

46%

ISMAP (Japan)

17 source controls mapped|4 target controls covered

46%

Azure Security Benchmark

17 source controls mapped|10 target controls covered

46%

AWS Well-Architected Security Pillar

17 source controls mapped|10 target controls covered

46%

ISO 27017

17 source controls mapped|11 target controls covered

46%

NIST SP 800-190

17 source controls mapped|11 target controls covered

46%

ISO 27018

17 source controls mapped|11 target controls covered

46%

CISA Cross-Sector Cybersecurity Performance Goals (CPG) 2.0

16 source controls mapped|13 target controls covered

43%

NIS2 Directive

16 source controls mapped|3 target controls covered

43%

NERC CIP

16 source controls mapped|2 target controls covered

43%

IEEE 1686

16 source controls mapped|3 target controls covered

43%

API 1164

16 source controls mapped|7 target controls covered

43%

ISO 27019

16 source controls mapped|7 target controls covered

43%

IEC 62443

16 source controls mapped|7 target controls covered

43%

NIST SP 1800-32

16 source controls mapped|7 target controls covered

43%

NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements

15 source controls mapped|12 target controls covered

41%

NIST Privacy Framework

14 source controls mapped|6 target controls covered

38%

ASIC Cyber Resilience Good Practices

14 source controls mapped|7 target controls covered

38%

AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association)

14 source controls mapped|8 target controls covered

38%

OSFI B-13

14 source controls mapped|4 target controls covered

38%

PSD2 SCA

14 source controls mapped|4 target controls covered

38%

Open Banking Security

14 source controls mapped|4 target controls covered

38%

Monetary Authority of Singapore Technology Risk Management Guidelines

14 source controls mapped|4 target controls covered

38%

HKMA SPM

14 source controls mapped|2 target controls covered

38%

GLBA

14 source controls mapped|3 target controls covered

38%

FedRAMP Rev 5

14 source controls mapped|4 target controls covered

38%

NIST SP 800-53 Rev 5

14 source controls mapped|17 target controls covered

38%

PCI P2PE

14 source controls mapped|10 target controls covered

38%

PCI PIN Security

14 source controls mapped|12 target controls covered

38%

PCI SSF

14 source controls mapped|11 target controls covered

38%

APRA CPS 234

14 source controls mapped|11 target controls covered

38%

FFIEC IT Examination Handbook

14 source controls mapped|10 target controls covered

38%

FFIEC Cybersecurity Assessment Tool (CAT)

14 source controls mapped|7 target controls covered

38%

ISO/IEC 27011:2024

13 source controls mapped|7 target controls covered

35%

IACS Unified Requirements E26/E27 - Cyber Resilience of Ships and On-Board Systems

13 source controls mapped|6 target controls covered

35%

HKMA Cyber Resilience Assessment Framework (C-RAF)

13 source controls mapped|2 target controls covered

35%

NIST Cybersecurity Framework 2.0

13 source controls mapped|13 target controls covered

35%

ISO/IEC 27400:2022

12 source controls mapped|6 target controls covered

32%

NIS2 Directive Implementing Acts

12 source controls mapped|4 target controls covered

32%

TSA Pipeline Cybersecurity Directives

12 source controls mapped|1 target controls covered

32%

SLSA

12 source controls mapped|3 target controls covered

32%

SIG (Shared Assessments)

12 source controls mapped|3 target controls covered

32%

PTES

12 source controls mapped|3 target controls covered

32%

OWASP SAMM

12 source controls mapped|2 target controls covered

32%

OWASP MASVS

12 source controls mapped|5 target controls covered

32%

OWASP ASVS

12 source controls mapped|6 target controls covered

32%

OpenSSF Scorecard

12 source controls mapped|4 target controls covered

32%

NIST SP 800-92

12 source controls mapped|4 target controls covered

32%

NIST SP 800-88

12 source controls mapped|5 target controls covered

32%

NIST SP 800-63-4

12 source controls mapped|4 target controls covered

32%

NIST SP 800-61

12 source controls mapped|3 target controls covered

32%

NIST SP 800-137

12 source controls mapped|3 target controls covered

32%

NIST SP 800-123

12 source controls mapped|4 target controls covered

32%

NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)

12 source controls mapped|1 target controls covered

32%

MITRE D3FEND

12 source controls mapped|3 target controls covered

32%

MITRE ATT&CK

12 source controls mapped|3 target controls covered

32%

ISO/SAE 21434

12 source controls mapped|9 target controls covered

32%

ISO 27043

12 source controls mapped|9 target controls covered

32%

NIST SP 800-124 Revision 2 - Guidelines for Managing the Security of Mobile Devices

11 source controls mapped|8 target controls covered

30%

OWASP DevSecOps Maturity Model (DSOMM)

11 source controls mapped|4 target controls covered

30%

Ghana Cybersecurity Act

11 source controls mapped|5 target controls covered

30%

FISMA

11 source controls mapped|3 target controls covered

30%

BSI IT-Grundschutz

11 source controls mapped|10 target controls covered

30%

Belgium CyberFundamentals

11 source controls mapped|10 target controls covered

30%

CIS Controls v8

10 source controls mapped|10 target controls covered

27%

ISO/IEC 27010:2015

10 source controls mapped|5 target controls covered

27%

IAEA Nuclear Security Series - Computer Security at Nuclear Facilities (NSS-17-T Rev 1)

10 source controls mapped|2 target controls covered

27%

FTC GLBA Safeguards Rule (16 CFR Part 314)

9 source controls mapped|4 target controls covered

24%

ISO 28001:2007 Supply Chain Security Management

9 source controls mapped|3 target controls covered

24%

Secure by Design: A Guide for Manufacturers (CISA)

8 source controls mapped|2 target controls covered

22%

ACSC Essential Eight

8 source controls mapped|24 target controls covered

22%

SSAE 18 - Attestation Standards (SOC Reporting)

8 source controls mapped|7 target controls covered

22%

SANS Incident Handler's Handbook and PICERL Methodology

8 source controls mapped|6 target controls covered

22%

FBI CJIS Security Policy

8 source controls mapped|5 target controls covered

22%

Nevada Gaming Control Board Cybersecurity Requirements

7 source controls mapped|2 target controls covered

19%

New Zealand Information Security Manual (NZISM)

7 source controls mapped|3 target controls covered

19%

NAIC Insurance Data Security Model Law (MDL-668)

7 source controls mapped|4 target controls covered

19%

IMO Maritime Cybersecurity Guidelines (MSC-FAL.1/Circ.3/Rev.2)

7 source controls mapped|4 target controls covered

19%

SOC 2

7 source controls mapped|7 target controls covered

19%

ISO 20000-1

7 source controls mapped|4 target controls covered

19%

Japan FSA Cybersecurity Guidelines for Financial Institutions

7 source controls mapped|2 target controls covered

19%

NIST SP 800-66

6 source controls mapped|2 target controls covered

16%

MDS2 (Medical Device)

6 source controls mapped|4 target controls covered

16%

MARS-E

6 source controls mapped|6 target controls covered

16%

FDA 21 CFR Part 11

6 source controls mapped|6 target controls covered

16%

ISO 13485

6 source controls mapped|9 target controls covered

16%

ISO 27799

6 source controls mapped|8 target controls covered

16%

US EPA Safe Drinking Water Act (SDWA) - Cybersecurity Requirements

6 source controls mapped|1 target controls covered

16%

TEFCA - Trusted Exchange Framework and Common Agreement

6 source controls mapped|1 target controls covered

16%

PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments

6 source controls mapped|3 target controls covered

16%

O-RAN WG11 Security Specification

6 source controls mapped|2 target controls covered

16%

ASIS SPC.1-2009 - Organizational Resilience Standard

6 source controls mapped|5 target controls covered

16%

ITIL 4

6 source controls mapped|3 target controls covered

16%

DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition)

6 source controls mapped|3 target controls covered

16%

GAMP 5 - Good Automated Manufacturing Practice

6 source controls mapped|1 target controls covered

16%

Annex 11 to EU GMP - Computerised Systems

6 source controls mapped|3 target controls covered

16%

FIRST CSIRT Services Framework and Standards

6 source controls mapped|2 target controls covered

16%

Florida Digital Bill of Rights (FDBR)

5 source controls mapped|4 target controls covered

14%

Laos Law on Prevention and Combating Cybercrime (2015)

5 source controls mapped|2 target controls covered

14%

India CERT-In Cyber Security Directions 2022

5 source controls mapped|3 target controls covered

14%

HITECH Act

5 source controls mapped|3 target controls covered

14%

ISO/IEC 27031:2011

5 source controls mapped|7 target controls covered

14%

ISO 15189:2022 - Medical Laboratories Requirements for Quality and Competence

5 source controls mapped|6 target controls covered

14%

Canada ITSG-33 - IT Security Risk Management

5 source controls mapped|1 target controls covered

14%

UK Gambling Commission - Cyber Resilience Requirements

5 source controls mapped|1 target controls covered

14%

NFPA 1600 - Standard on Continuity, Emergency, and Crisis Management

5 source controls mapped|5 target controls covered

14%

ISO 22320:2018

5 source controls mapped|3 target controls covered

14%

APRA CPS 230 Operational Risk Management

5 source controls mapped|4 target controls covered

14%

Virginia CDPA

4 source controls mapped|2 target controls covered

11%

Vietnam PDPD

4 source controls mapped|2 target controls covered

11%

Uruguay DPL

4 source controls mapped|3 target controls covered

11%

Turkey KVKK

4 source controls mapped|2 target controls covered

11%

Texas Data Privacy Act

4 source controls mapped|2 target controls covered

11%

Taiwan PDPA

4 source controls mapped|2 target controls covered

11%

Qatar DPL

4 source controls mapped|3 target controls covered

11%

Privacy Act 2020

4 source controls mapped|4 target controls covered

11%

POPIA

4 source controls mapped|3 target controls covered

11%

Peru DPL

4 source controls mapped|3 target controls covered

11%

Personal Data Act (personopplysningsloven)

4 source controls mapped|4 target controls covered

11%

PDPA Thailand

4 source controls mapped|4 target controls covered

11%

PDPA Singapore

4 source controls mapped|4 target controls covered

11%

Oregon Consumer Privacy Act

4 source controls mapped|4 target controls covered

11%

NIST SP 800-122

4 source controls mapped|3 target controls covered

11%

Nigeria Data Protection Regulation (NDPR)

4 source controls mapped|2 target controls covered

11%

Nigeria Data Protection Act 2023 (NDPA)

4 source controls mapped|7 target controls covered

11%

Nebraska Data Privacy Act

4 source controls mapped|7 target controls covered

11%

New Jersey Data Privacy Act

4 source controls mapped|4 target controls covered

11%

New Hampshire Data Privacy Act

4 source controls mapped|3 target controls covered

11%

Montana Consumer Data Privacy Act

4 source controls mapped|3 target controls covered

11%

Minnesota Consumer Data Privacy Act

4 source controls mapped|3 target controls covered

11%

Mexico LFPDPPP

4 source controls mapped|4 target controls covered

11%

Mauritius DPA

4 source controls mapped|4 target controls covered

11%

Maryland Online Data Privacy Act of 2024

4 source controls mapped|3 target controls covered

11%

Malaysia PDPA 2010

4 source controls mapped|4 target controls covered

11%

Liechtenstein DPA

4 source controls mapped|2 target controls covered

11%

LGPD

4 source controls mapped|2 target controls covered

11%

Ley Orgánica de Protección de Datos Personales (LOPDP)

4 source controls mapped|2 target controls covered

11%

Law No. 172-13 on the Protection of Personal Data

4 source controls mapped|2 target controls covered

11%

Kentucky Consumer Data Protection Act

4 source controls mapped|3 target controls covered

11%

Jamaica Data Protection Act 2020

4 source controls mapped|5 target controls covered

11%

Iowa Consumer Data Protection Act

4 source controls mapped|5 target controls covered

11%

Indonesia PDP Law

4 source controls mapped|4 target controls covered

11%

Indiana Consumer Data Protection Act

4 source controls mapped|2 target controls covered

11%

India DPDP Act

4 source controls mapped|3 target controls covered

11%

Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018)

4 source controls mapped|2 target controls covered

11%

Family Educational Rights and Privacy Act (FERPA)

4 source controls mapped|2 target controls covered

11%

Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL)

4 source controls mapped|3 target controls covered

11%

APPI

4 source controls mapped|5 target controls covered

11%

Bahrain PDPL

4 source controls mapped|5 target controls covered

11%

NIST AI Risk Management Framework (AI RMF 1.0)

4 source controls mapped|4 target controls covered

11%

Sigstore - Software Artifact Signing and Verification

4 source controls mapped|2 target controls covered

11%

HL7 FHIR Security Framework

4 source controls mapped|2 target controls covered

11%

3GPP 5G Security Architecture (TS 33.501)

4 source controls mapped|5 target controls covered

11%

ISO/IEC 27006:2024

4 source controls mapped|2 target controls covered

11%

AS9100D:2016 - Quality Management Systems for Aviation, Space, and Defence

4 source controls mapped|2 target controls covered

11%

NIST Special Publication 800-34 Revision 1, Contingency Planning Guide for Federal Information Systems

4 source controls mapped|3 target controls covered

11%

Vietnam Law on Cybersecurity (No. 24/2018/QH14)

3 source controls mapped|2 target controls covered

UK GDPR (UK General Data Protection Regulation)

3 source controls mapped|2 target controls covered

Trinidad and Tobago Data Protection Act 2011

3 source controls mapped|4 target controls covered

Tanzania Personal Data Protection Act (Draft)

3 source controls mapped|2 target controls covered

Pakistan Personal Data Protection Bill 2023

3 source controls mapped|3 target controls covered

NRF Cybersecurity and Data Privacy Framework (National Retail Federation)

3 source controls mapped|2 target controls covered

South Korea PIPA

3 source controls mapped|2 target controls covered

Austria Data Protection Act (Datenschutzgesetz, DSG, amended 2018)

3 source controls mapped|4 target controls covered

Barbados Data Protection Act 2019

3 source controls mapped|3 target controls covered

Protective Security Policy Framework (PSPF) Release 2024

3 source controls mapped|2 target controls covered

OWASP Top 10 for LLM Applications 2025

3 source controls mapped|4 target controls covered

Myanmar Cybersecurity Law (2023)

3 source controls mapped|1 target controls covered

FIDO2 / WebAuthn

3 source controls mapped|2 target controls covered

IEC 62351 - Power Systems Communication Security

3 source controls mapped|4 target controls covered

ISO/IEC 29115:2023 - Entity Authentication Assurance Framework

3 source controls mapped|4 target controls covered

ISO 19011

3 source controls mapped|4 target controls covered

ISO/IEC 23837 - Security Requirements for Quantum Key Distribution

3 source controls mapped|4 target controls covered

ISO 22739:2024 - Blockchain and Distributed Ledger Technologies Vocabulary

3 source controls mapped|4 target controls covered

ISO/IEC 17025:2017 - General Requirements for Testing and Calibration Laboratories

3 source controls mapped|2 target controls covered

MARS-E - Minimum Acceptable Risk Standards for Exchanges

3 source controls mapped|2 target controls covered

AS9100D - Aerospace Quality Management System

3 source controls mapped|1 target controls covered

ISO/IEC 27003:2017

3 source controls mapped|1 target controls covered

IEC 62304:2015 Medical Device Software Lifecycle Processes

3 source controls mapped|2 target controls covered

Automotive SPICE (ASPICE) v4.0 - Process Assessment Model

3 source controls mapped|1 target controls covered

ISO 26262:2018 - Functional Safety for Road Vehicles

3 source controls mapped|1 target controls covered

Nigeria Open Banking Regulatory Framework (CBN, 2023)

3 source controls mapped|2 target controls covered

NABERS - National Australian Built Environment Rating System

3 source controls mapped|1 target controls covered

ISO 22316

3 source controls mapped|5 target controls covered

ISO 22317

3 source controls mapped|5 target controls covered

ISO 22318

3 source controls mapped|5 target controls covered

UK AI Regulation Framework

2 source controls mapped|2 target controls covered

TISAX - Trusted Information Security Assessment Exchange

2 source controls mapped|2 target controls covered

OECD AI Principles

2 source controls mapped|2 target controls covered

Japan AI Guidelines

2 source controls mapped|2 target controls covered

IEEE 7000

2 source controls mapped|2 target controls covered

WCAG 2.2

2 source controls mapped|1 target controls covered

W3C Verifiable Credentials (VC) Data Model 2.0

2 source controls mapped|1 target controls covered

USMCA Chapter 19 - Digital Trade (United States-Mexico-Canada Agreement)

2 source controls mapped|1 target controls covered

Regional Comprehensive Economic Partnership (RCEP) - E-Commerce Chapter

2 source controls mapped|1 target controls covered

Tennessee Information Protection Act (TIPA)

2 source controls mapped|1 target controls covered

Regulation on the European Health Data Space (EHDS)

2 source controls mapped|1 target controls covered

OWASP Top 10:2025

2 source controls mapped|1 target controls covered

MiFID II / MiFIR

2 source controls mapped|1 target controls covered

ITU-T X.805 - Security Architecture for End-to-End Communications

2 source controls mapped|2 target controls covered

ITAR - International Traffic in Arms Regulations

2 source controls mapped|2 target controls covered

ILO Tripartite Declaration of Principles concerning Multinational Enterprises (MNE Declaration)

2 source controls mapped|1 target controls covered

ILO Declaration on Fundamental Principles and Rights at Work (Core Conventions)

2 source controls mapped|1 target controls covered

ICAO Annex 17 - Aviation Security (AVSEC)

2 source controls mapped|1 target controls covered

GLI-33 - Gaming Laboratories International Event Wagering Systems

2 source controls mapped|1 target controls covered

AML/CTF Act 2006 (Australia)

2 source controls mapped|1 target controls covered

Armenia Law on Protection of Personal Data (2015)

2 source controls mapped|1 target controls covered

Bank Secrecy Act / Anti-Money Laundering (BSA/AML)

2 source controls mapped|1 target controls covered

Illinois Biometric Information Privacy Act (BIPA)

2 source controls mapped|2 target controls covered

ISO 19650 - Organisation and Digitisation of Information about Buildings and Civil Engineering Works (BIM)

2 source controls mapped|1 target controls covered

BS 65000:2014 - Guidance on Organizational Resilience

2 source controls mapped|2 target controls covered

Authorised Economic Operator (AEO) Programmes - Global Standards

2 source controls mapped|1 target controls covered

FedRAMP High

2 source controls mapped|2 target controls covered

NIST SP 800-53 Revision 5.1 HIGH

2 source controls mapped|2 target controls covered

FedRAMP Moderate

2 source controls mapped|2 target controls covered

NIST SP 800-53 Rev 5 MODERATE

2 source controls mapped|1 target controls covered

NIST SP 800-53 Rev 5 LOW

2 source controls mapped|1 target controls covered

IAIS Insurance Core Principles (ICPs)

2 source controls mapped|1 target controls covered

Voluntary Principles on Security and Human Rights (VPs)

2 source controls mapped|1 target controls covered

US Maritime Transportation Security Act (MTSA) and USCG Cybersecurity Requirements

2 source controls mapped|1 target controls covered

Singapore Cybersecurity Act 2018

2 source controls mapped|1 target controls covered

Papua New Guinea National Cybersecurity Policy & Cybercrime Act (2016)

2 source controls mapped|1 target controls covered

NIST SP 800-171

2 source controls mapped|1 target controls covered

ISO/IEC 30111:2019

2 source controls mapped|2 target controls covered

ISO/IEC 29147:2018

2 source controls mapped|1 target controls covered

AICPA Privacy Management Framework (PMF)

2 source controls mapped|1 target controls covered

COSO Internal Control - Integrated Framework (2013)

2 source controls mapped|1 target controls covered

EASA Part-IS - Information Security in Aviation

2 source controls mapped|3 target controls covered

UNICEF Policy Guidance on AI for Children (2021)

1 source controls mapped|1 target controls covered

UNESCO Recommendation on the Ethics of AI

1 source controls mapped|1 target controls covered

Student Privacy Pledge 2020

1 source controls mapped|1 target controls covered

Paraguay Law on Protection of Personal Data (Law No. 6534/2020)

1 source controls mapped|1 target controls covered

Law on Personal Data Protection (Official Gazette No. 42/2020)

1 source controls mapped|1 target controls covered

Jordan Draft Personal Data Protection Law (2022)

1 source controls mapped|2 target controls covered

Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018)

1 source controls mapped|2 target controls covered

ICH E6(R3) - Good Clinical Practice

1 source controls mapped|1 target controls covered

Hungary Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Info Act)

1 source controls mapped|1 target controls covered

Georgia Law on Personal Data Protection (2012)

1 source controls mapped|1 target controls covered

Albania Law on Protection of Personal Data (Law No. 9887, 2008, amended 2014)

1 source controls mapped|2 target controls covered

GDPR

1 source controls mapped|3 target controls covered

Belgium Data Protection Act (Wet van 30 juli 2018, Loi du 30 juillet 2018)

1 source controls mapped|2 target controls covered

Azerbaijan Law on Personal Data (2010)

1 source controls mapped|2 target controls covered

ISO/IEC 23894:2023

1 source controls mapped|1 target controls covered

ISO 26000:2010

1 source controls mapped|1 target controls covered

UK FCA/PRA Operational Resilience Framework

1 source controls mapped|1 target controls covered

South Africa Promotion of Access to Information Act (PAIA)

1 source controls mapped|1 target controls covered

South Korea Cloud Security Assurance Program (CSAP)

1 source controls mapped|1 target controls covered

SASB Standards

1 source controls mapped|1 target controls covered

NATO Cyber Defence Policy and NATO Computer Incident Response Capability (NCIRC)

1 source controls mapped|1 target controls covered

IRM Enterprise Risk Management Framework (Institute of Risk Management)

1 source controls mapped|1 target controls covered

ISO/IEC 38500:2024 - Governance of IT

1 source controls mapped|1 target controls covered

ISO/IEC 27007:2020

1 source controls mapped|1 target controls covered

COBIT 2019

1 source controls mapped|1 target controls covered

ISO/IEC 25012:2008 - Data Quality Model

1 source controls mapped|1 target controls covered

Bermuda Monetary Authority (BMA) Cyber Risk Management Code of Conduct

1 source controls mapped|1 target controls covered

NIST Post-Quantum Cryptography Standards (FIPS 203, 204, 205)

1 source controls mapped|4 target controls covered

NATO STANAG 4774 (Confidentiality Metadata Labels) and STANAG 4778 (Metadata Binding)

1 source controls mapped|1 target controls covered

ISO 27005

1 source controls mapped|1 target controls covered

ISO/IEC 27557:2022 - Organisational Privacy Risk Management

1 source controls mapped|1 target controls covered

ISO 31000:2018

1 source controls mapped|2 target controls covered

NSA Guidance for Transition to Quantum-Resistant Cryptography

1 source controls mapped|3 target controls covered

ISO 56002

1 source controls mapped|3 target controls covered

ISO 41001:2018 - Facility Management Systems

1 source controls mapped|3 target controls covered

ISO 39001:2012 - Road Traffic Safety Management

1 source controls mapped|3 target controls covered

ISO 37002:2021 - Whistleblowing Management Systems

1 source controls mapped|3 target controls covered

ISO 50001:2018 - Energy Management Systems

1 source controls mapped|3 target controls covered

ISO 22313:2020 - Guidance on Business Continuity Management Systems

1 source controls mapped|3 target controls covered

IATA Operational Safety Audit (IOSA) Standards Manual

1 source controls mapped|1 target controls covered

Space ISAC (Information Sharing and Analysis Center) - Threat Framework

1 source controls mapped|1 target controls covered

Compare ASD Strategies to Mitigate Cyber Security Incidents with Oman National Cybersecurity Framework

Frequently Asked Questions

What is ASD Strategies to Mitigate Cyber Security Incidents?

ASD Strategies to Mitigate Cyber Security Incidents is a compliance framework from Australia with 9 domains and 37 controls. A prioritised list of 37 mitigation strategies published by the Australian Signals Directorate to help organisations protect themselves against cyber threats. The Essential Eight is a subset of these strategies. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does ASD Strategies to Mitigate Cyber Security Incidents have?

ASD Strategies to Mitigate Cyber Security Incidents has 37 controls organised across 9 domains. The largest domains are Preventing Malware Delivery and Execution (17 controls), Limiting the Extent of Cyber Security Incidents (10 controls), Detecting Cyber Security Incidents and Responding (6 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does ASD Strategies to Mitigate Cyber Security Incidents map to?

ASD Strategies to Mitigate Cyber Security Incidents maps to 276 other compliance frameworks. The top mapping partners are Oman National Cybersecurity Framework (54% coverage), NIST SP 800-171A - Assessing Security Requirements for Controlled Unclassified Information (CUI) (54% coverage), ISO 27001:2022 (51% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with ASD Strategies to Mitigate Cyber Security Incidents compliance?

Start your ASD Strategies to Mitigate Cyber Security Incidents compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about ASD Strategies to Mitigate Cyber Security Incidents requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 37 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 706 frameworks.

Get Started Free →

Free forever — no credit card required