| ISM-0109 | 3 | Event logs from workstations are analyzed in a timely manner to detect cyber security events. | Out of scope for this guide. |
| ISM-0123 | 2, 3 | Cyber security incidents are reported to the Chief Information Security Officer, or one of their delegates, as soon as possible after they occur or are discovered. | Out of scope for this guide. |
| ISM-0140 | 2, 3 | Cyber security incidents are reported to ASD as soon as possible after they occur or are discovered. | Out of scope for this guide. |
| ISM-0974 | 2, 3 | Multifactor authentication is used to authenticate unprivileged users of systems. | Create conditional access policy requiring multifactor authentication. |
| ISM-1173 | 2, 3 | Multifactor authentication is used to authenticate privileged users of systems. | Create conditional access policy requiring multifactor authentication. |
| ISM-1228 | 2, 3 | Cyber security events are analyzed in a timely manner to identify cyber security incidents. | Out of scope for this guide. |
| ISM-1401 | 1, 2, 3 | Multifactor authentication uses either: something users have and something users know, or something users have that is unlocked with something users know or are. | Create conditional access policy requiring multifactor authentication. |
| ISM-1504 | 1, 2, 3 | Multifactor authentication is used to authenticate users to their organization’s online services that process, store, or communicate their organization’s sensitive data. | Create conditional access policy requiring multifactor authentication. |
| ISM-1505 | 3 | Multifactor authentication is used to authenticate users of data repositories. | Create conditional access policy requiring multifactor authentication. |
| ISM-1679 | 1, 2, 3 | Multifactor authentication is used to authenticate users to third-party online services that process, store, or communicate their organization’s sensitive data. | Create conditional access policy requiring multifactor authentication. |
| ISM-1680 | 1, 2, 3 | Multifactor authentication (where available) is used to authenticate users to third-party online services that process, store, or communicate their organization’s nonsensitive data. | Create conditional access policy requiring multifactor authentication. |
| ISM-1681 | 1, 2, 3 | Multifactor authentication is used to authenticate customers to online customer services that process, store, or communicate sensitive customer data. | Nonorganizational users (External ID for customers) are outside of the scope of this document. Microsoft Entra ID supports organizational users, which include employees and guest identities (B2B users). |
| ISM-1682 | 2, 3 | Multifactor authentication used for authenticating users of systems is phishing-resistant. | Create conditional access policy requiring multifactor authentication and requiring a phishing-resistant authentication strength. |
| ISM-1683 | 2, 3 | Successful and unsuccessful multifactor authentication events are centrally logged. | Verify authentication events are being logged in the Microsoft Entra sign-in logs. |
| ISM-1815 | 2, 3 | Event logs are protected from unauthorized modification and deletion. | Access controls are in place to prevent unauthorized updates. |
| ISM-1819 | 2, 3 | Following the identification of a cyber security incident, the cyber security incident response plan is enacted. | Out of scope for this guide. |
| ISM-1872 | 2, 3 | Multifactor authentication used for authenticating users of online services is phishing-resistant. | Create conditional access policy requiring multifactor authentication and requiring a phishing-resistant authentication strength. |
| ISM-1873 | 2 | Multifactor authentication used for authenticating customers of online customer services provides a phishing-resistant option. | Nonorganizational users (External ID for customers) are outside of the scope of this document. Microsoft Entra ID supports organizational users, which include employees and guest identities (B2B users). |
| ISM-1874 | 3 | Multifactor authentication used for authenticating customers of online customer services is phishing-resistant. | Nonorganizational users (External ID for customers) are outside of the scope of this document. Microsoft Entra ID supports organizational users, which include employees and guest identities (B2B users). |
| ISM-1892 | 1, 2, 3 | Multifactor authentication is used to authenticate users to their organization’s online customer services that process, store, or communicate their organization’s sensitive customer data. | Create conditional access policy requiring multifactor authentication. |
| ISM-1893 | 1, 2, 3 | Multifactor authentication is used to authenticate users to third-party online customer services that process, store, or communicate their organization’s sensitive customer data. | Create conditional access policy requiring multifactor authentication. |
| ISM-1894 | 3 | Multifactor authentication used for authenticating users of data repositories is phishing-resistant. | Create conditional access policy requiring multifactor authentication and requiring a phishing-resistant authentication strength. |
| ISM-1906 | 2, 3 | Event logs from internet-facing servers are analyzed in a timely manner to detect cyber security events. | Out of scope for this guide. |
| ISM-1907 | 3 | Event logs from non-internet-facing servers are analyzed in a timely manner to detect cyber security events. | Out of scope for this guide. |