Skip to content

ACSC ISM March 2023

The Australian Cyber Security Centre (ACSC) Information Security Manual (ISM) is a comprehensive cybersecurity framework developed by the Australian Government. Published in March 2023, it provides guidance on protecting information and systems across Australian government and private sector organizations. The ISM covers a broad range of security topics including governance, physical security, personnel security, communications security, and cyber security.

Terraform Registry Subdomain: acscism2023

module "..." {
  source  = "acscism2023.compliance.tf/terraform-aws-modules/<module>/aws"
  version = "<version>"
}

module "..." {
  source = "https://acscism2023.compliance.tf/terraform-aws-modules/<module>/aws"
}

Refer to the Terraform Registry Endpoints section for more details.

Implemented Controls

The following controls are implemented as part of this framework.

Enable/Disable Controls

You can customize the Terraform module for the desired compliance requirements by enabling/disabling individual controls.

Examples

S3 bucket module with ACSC ISM March 2023 compliance framework controls enabled, and a couple of controls disabled

module "..." {
  source = "https://acscism2023.compliance.tf/terraform-aws-modules/s3-bucket/aws?disable=acm_certificate_rsa_key_length_2048_bits_or_greater,codebuild_project_logging_enabled"
}