Australian Information Security Manual Updates – March 2024

Trust but verify. The famous quote by Ronald Reagan was adapted from a Russian proverb. This was life in 1987.

In 2024, life in the new threat landscape is zero trust. The Australian Government released its latest update to the ISM (Information Security Manual) in March 2024. There are 4 mentions of a transition to zero trust. I predict this will continue to gain momentum in the next few years from organisations and vendors focusing on this area (in addition to what AI can do, of course).

The updates include:

Guidelines for Communications Infrastructure

Changes in cabling infrastructure controls referring to periodical assessment of the security of cabling infrastructure.

Guidelines for Enterprise Mobility

The control for mobile devices was changed: mobile devices that access OFFICIAL: Sensitive or PROTECTED systems or data must use mobile platforms that have completed a Common Criteria evaluation against the Protection Profile for Mobile Device Fundamentals, version 3.3 or later. [ISM-1867]

Guidelines for ICT Equipment

A new control recommending that approved configurations for ICT equipment be developed, implemented and maintained was added in support of transitioning towards the adoption of zero trust principles. [ISM-1913]

Guidelines for System Hardening

Hardening operating system configurations and hardening user application configurations were added in support of transitioning towards the adoption of zero trust principles.

Guidelines for Cryptography

DSA has been withdrawn as an ASD-approved cryptographic algorithm, as has its status as an AACA. [ISM-0994]

The existing control relating to the use of FIPS 186-4 for the selection of suitable curves for elliptic curve cryptography was amended to reference the replacement NIST Special Publication 800-186. [ISM-1446]

Planning for post-quantum cryptography standards

A new control recommending that future cryptographic requirements and dependencies be considered during the transition to post-quantum cryptographic standards was added. [ISM-1917]

https://www.cyber.gov.au/sites/default/files/2024-03/Information%20Security%20Manual%20%28March%202024%29.pdf