February 2020 New Zealand Information Security Manual

The New Zealand Information Security Manual (NZISM)(external link) has released an update which includes revisions of the chapter on information security incidents.

The review of Chapter 7, Information Security Incidents, contains changes to all three sections of this chapter, in particular section 7.2 Reporting Information Security Incidents.

These changes focus on improving agencies’ understanding of the nature of information security incidents, and streamlining the requirements for agencies to report such incidents.

Other changes in the NZISM update addition of new topics to Section 16.1 Identification and Authentication, including Passwords & password storage; Password character set limitations; Hashing: Salting; and Key Stretching.

Additional content on Salting has been added to Section 17.2 Approved Cryptographic Algorithms and updates have also been made to FedRAMP in section 5.8; and to 11.5 Personal wearable devices.

There are a number of minor wording changes throughout the document, these amendments are designed to simplify language and to help with interpretation.

The February 2020 NZISM v3.3 replaces the previous edition NZISM v3.2 which was published in December 2018.