We track ASD’s evolving frameworks — ISM June 2026, the transition from Essential Eight to the new Essentials series, ACSC AI security guidance, and post-quantum cryptography roadmaps — and build practical assessment services around the direction of travel.
The cyber threat landscape, AI capabilities, and cryptographic risks are moving fast. ASD’s guidance is responding with greater flexibility, AI-specific controls, and clear quantum timelines. Our services are built to map directly onto this trajectory.
Consultation on the evolution closed 12 July 2026. Moving from prescriptive 8 strategies to a more flexible, threat-informed, chapter-based “Essentials” framework grounded in the ISM.
Latest June 2026 release remains the authoritative cyber security framework for Australian organisations. Integrates risk management with technical controls for IT and OT environments.
New ACSC guidance on defending against AI-enabled attacks, AI data security (poisoning, drift, supply chain), secure AI deployment, OT integration principles, and opportunities for AI in cyber defence. Five Eyes joint statement on AI-driven risk.
ASD “Planning for Post-Quantum Cryptography” (Sept 2025) sets clear milestones: refined plan by end-2026, commence critical system transition by 2028, complete by 2030. “Harvest-now-decrypt-later” is the driving risk.
Every engagement starts with a precise mapping of your current state against the latest ASD guidance. We also offer fast, fixed-price operational continuity reviews for SMEs triggered by recent outages and ACSC warnings.
Current-state Essential Eight maturity assessments (Levels 0–3) with full ISM mapping. We also prepare you for the shift to the new Essentials series with gap analysis against the emerging flexible, threat-informed model.
Comprehensive alignment reviews against the June 2026 ISM. Includes control implementation verification, system security plan development support, and board-level reporting suitable for IRAP preparation or internal assurance.
Specialist assessments covering AI data supply chain risks, poisoned data detection & prevention, data drift monitoring, model input integrity, and secure data pipelines — directly aligned with new ACSC AI data security guidance.
End-to-end AI system governance assessments: threat modelling for frontier models, secure development & deployment practices, OT integration principles, model assurance, supply chain risk for AI/ML components, and Five Eyes-aligned risk management.
Crypto inventory discovery, risk-based prioritisation, “harvest-now-decrypt-later” exposure analysis, and migration roadmaps aligned to ASD’s 2026–2030 timeline. Includes ISM crypto guideline mapping and board reporting.
Specialist offering for smart buildings, PropTech, critical infrastructure and the built environment. Combines physical security, OT/IoT, access control and traditional cyber controls with hands-on renovation and implementation experience.
Fixed-price, rapid review triggered by the Telstra outage and ACSC warnings. We examine the exact areas that caused real disruption: CMS exposure, privileged access, backups, telecommunications dependency, EFTPOS fallback, incident communications and recovery procedures.
Current-state discovery, asset & data flow mapping, and precise alignment to latest ISM / Essentials / AI / PQC guidance.
Maturity scoring, control effectiveness testing, gap analysis and risk prioritisation using ASD-aligned methodologies and our AI co-pilot tooling.
Pragmatic, risk-based roadmap with quick wins, medium-term projects and strategic initiatives mapped to your target maturity and business constraints.
Hands-on support or advisory for implementation, policy uplift, technical controls and change management. Optional AI-augmented continuous monitoring.
Independent assurance reporting, board packs, and ongoing posture monitoring via PropSec Sentinel-style AI co-pilot for continuous governance visibility.
All resources point directly to official cyber.gov.au publications. Phase Security provides independent interpretation and implementation support only.
Whether you need a rapid Essential Eight health check, a full ISM + AI governance review, or a post-quantum cryptography roadmap, we can help you move with confidence.
Independent advisors. Not affiliated with the Australian Signals Directorate or ACSC. All guidance interpreted from publicly available cyber.gov.au resources.
Tell us a little about your needs and we’ll schedule a complimentary 30-minute direction alignment call.
For general enquiries, partnerships or media.
Key developments from cyber.gov.au and how Phase Security is positioning assessment services.
The consultation on evolving the Essential Eight into a broader “Essentials” series (starting with Essentials for enterprise IT) closed on 12 July 2026. Expect greater flexibility and threat-informed prioritisation while remaining grounded in the ISM. Organisations should begin mapping current E8 implementations to the new structure.
The latest Information Security Manual release (June 2026) continues as the primary reference. Key themes include supply chain, resilience, identity, and OT protection. We recommend a control-by-control health check against the June 2026 version.
Multiple high-impact publications in mid-2026 covering defending against AI-enabled attacks, AI data security (poisoning, drift, supply chain), secure AI deployment, and principles for AI in OT environments. Five Eyes agencies issued a joint statement urging immediate action on AI-driven cyber risk.
ASD’s “Planning for Post-Quantum Cryptography” (updated Sept 2025) sets non-negotiable milestones: refined transition plan by end of 2026, commence migration of critical systems by end of 2028, complete by end of 2030. “Harvest now, decrypt later” risk is explicitly called out. This is currently the largest unaddressed gap for most organisations.