JULY 2026 • TRACKING ASD DIRECTION

The definitive stopping point for
Australian cyber governance
in the AI & quantum era.

We track ASD’s evolving frameworks — ISM June 2026, the transition from Essential Eight to the new Essentials series, ACSC AI security guidance, and post-quantum cryptography roadmaps — and build practical assessment services around the direction of travel.

Trusted by boards, CISOs & critical infrastructure operators navigating ASD priorities
Aligned to cyber.gov.au
ISM June 2026
Essential Eight Evolution (Essentials series)
ACSC AI Guidance 2026
PQC Planning Framework
THE DIRECTION OF TRAVEL

ASD is evolving the model.
We help you stay ahead of it.

The cyber threat landscape, AI capabilities, and cryptographic risks are moving fast. ASD’s guidance is responding with greater flexibility, AI-specific controls, and clear quantum timelines. Our services are built to map directly onto this trajectory.

JUN 2026

Essential Eight → Essentials Series

Consultation on the evolution closed 12 July 2026. Moving from prescriptive 8 strategies to a more flexible, threat-informed, chapter-based “Essentials” framework grounded in the ISM.

Prepare for transition
JUN 2026

Information Security Manual (ISM)

Latest June 2026 release remains the authoritative cyber security framework for Australian organisations. Integrates risk management with technical controls for IT and OT environments.

ISM-aligned assessments
JUL 2026

AI Cyber Risk & Governance Surge

New ACSC guidance on defending against AI-enabled attacks, AI data security (poisoning, drift, supply chain), secure AI deployment, OT integration principles, and opportunities for AI in cyber defence. Five Eyes joint statement on AI-driven risk.

AI governance assessments
CRITICAL GAP

Post-Quantum Cryptography Readiness

ASD “Planning for Post-Quantum Cryptography” (Sept 2025) sets clear milestones: refined plan by end-2026, commence critical system transition by 2028, complete by 2030. “Harvest-now-decrypt-later” is the driving risk.

Quantum readiness assessments
OUR OFFERINGS

Assessment services built
around the direction of travel

Every engagement starts with a precise mapping of your current state against the latest ASD guidance. We also offer fast, fixed-price operational continuity reviews for SMEs triggered by recent outages and ACSC warnings.

Essentials Maturity & Transition

Current-state Essential Eight maturity assessments (Levels 0–3) with full ISM mapping. We also prepare you for the shift to the new Essentials series with gap analysis against the emerging flexible, threat-informed model.

Most popular Discovery • Comprehensive • Continuous

ISM Cyber Governance Assessments

Comprehensive alignment reviews against the June 2026 ISM. Includes control implementation verification, system security plan development support, and board-level reporting suitable for IRAP preparation or internal assurance.

For larger organisations & government suppliers

AI Data Operations Security

Specialist assessments covering AI data supply chain risks, poisoned data detection & prevention, data drift monitoring, model input integrity, and secure data pipelines — directly aligned with new ACSC AI data security guidance.

Critical for AI/ML adopters

AI Governance & Secure Deployment

End-to-end AI system governance assessments: threat modelling for frontier models, secure development & deployment practices, OT integration principles, model assurance, supply chain risk for AI/ML components, and Five Eyes-aligned risk management.

New in 2026
PRIORITY GAP

Post-Quantum Cryptography Readiness

Crypto inventory discovery, risk-based prioritisation, “harvest-now-decrypt-later” exposure analysis, and migration roadmaps aligned to ASD’s 2026–2030 timeline. Includes ISM crypto guideline mapping and board reporting.

Recommended before end-2026

Converged Cyber-Physical Assessments

Specialist offering for smart buildings, PropTech, critical infrastructure and the built environment. Combines physical security, OT/IoT, access control and traditional cyber controls with hands-on renovation and implementation experience.

Unique differentiator
NEW • JULY 2026

Cyber & Operational Continuity Review for SMEs

Fixed-price, rapid review triggered by the Telstra outage and ACSC warnings. We examine the exact areas that caused real disruption: CMS exposure, privileged access, backups, telecommunications dependency, EFTPOS fallback, incident communications and recovery procedures.

Fixed-price • 5–10 day turnaround
ENGAGEMENT MODEL

A clear, repeatable path from current state to ASD-aligned resilience.

01
Discover & Map

Current-state discovery, asset & data flow mapping, and precise alignment to latest ISM / Essentials / AI / PQC guidance.

02
Assess & Score

Maturity scoring, control effectiveness testing, gap analysis and risk prioritisation using ASD-aligned methodologies and our AI co-pilot tooling.

03
Roadmap & Prioritise

Pragmatic, risk-based roadmap with quick wins, medium-term projects and strategic initiatives mapped to your target maturity and business constraints.

04
Implement & Embed

Hands-on support or advisory for implementation, policy uplift, technical controls and change management. Optional AI-augmented continuous monitoring.

05
Assure & Monitor

Independent assurance reporting, board packs, and ongoing posture monitoring via PropSec Sentinel-style AI co-pilot for continuous governance visibility.

WHY ORGANISATIONS CHOOSE PHASE SECURITY

We don’t just assess.
We track the model and build around it.

Deep ASD alignment. We live in the guidance — ISM updates, Essentials evolution, AI publications, PQC timelines — and translate it into actionable organisational change.
AI-native delivery. Our assessments are accelerated and continuously enhanced by proprietary AI co-pilot technology (PropSec Sentinel lineage) for faster insight and ongoing monitoring.
Convergence expertise. Unique combination of deep cyber tradecraft with hands-on physical/OT implementation experience from major Australian property and critical infrastructure projects.
Board & executive ready. Clear reporting, risk-based prioritisation and language that resonates with directors navigating AICD/ASD cyber priorities.
THE PHASE SECURITY DIFFERENCE
Not generic GRC
We are threat-informed and direction-aware. Every recommendation references specific ASD publications and timelines rather than generic best practice.
Implementation DNA
Our team has delivered full-lifecycle physical and technical security projects at scale. We know what actually works in Australian environments.
Future-proof by design
We explicitly build transition plans for the new Essentials series and PQC migration — not just today’s controls.
Sector fluency
Deep experience across government-adjacent, critical infrastructure, property/PropTech and enterprise environments.
CURATED FROM THE SOURCE

Resources Hub

Visit cyber.gov.au

All resources point directly to official cyber.gov.au publications. Phase Security provides independent interpretation and implementation support only.

Ready to align your governance
with where ASD is heading?

Whether you need a rapid Essential Eight health check, a full ISM + AI governance review, or a post-quantum cryptography roadmap, we can help you move with confidence.

Independent advisors. Not affiliated with the Australian Signals Directorate or ACSC. All guidance interpreted from publicly available cyber.gov.au resources.