May 2025 New Zealand Information Security Manual v3.9 Release

The New Zealand Information Security Manual (NZISM) has released an update (v3.9), which includes updates to chapter 16, chapter 7, section 11.8 and section 18.2.

Chapter 16, Authentication and Access Controls (formerly Access Controls and Passwords), has changed the most, including its name. Key changes include updating the password controls to align with industry standards, including NIST. Passwordless authentication has been introduced alongside phishing-resistant multi-factor authentication, and logging and auditing have been extended to include event monitoring. This work stemmed from the significant advancement of standards and technologies since the previous review of this chapter. Most changes in this chapter are in sections 16.1 and 16.7.

Chapter 7 has been updated to improve guidance for detecting and managing security incidents and to establish clearer expectations for GCISO-mandated agencies to report incidents. Increased reporting from mandated agencies will help build a consolidated picture of the operating environment. This update ensures the NZISM aligns with industry guidance and practices.

Section 11.8 has been updated with a new control, which says agencies that choose to monitor their printing at TS, S and CTS, S and C should centrally log the use of multifunction devices for printing, scanning, and copying. This means the logs can only be accessed or modified by authorised and authenticated users.

Section 18.2 has been updated to introduce Wi-Fi Protected Access 3 (WPA3), which provides equivalent or greater security than WPA2 and WPA, and several new controls have been included. This work was done because wireless local area networks are used by every NZ Government agency; it ensures that our guidance is up to date, relevant, and in line with our partners as well as the latest standards.

Read and download the latest version of the NZISM here: https://nzism.gcsb.govt.nz/ism-document

If you would like to participate in the development of the next NZISM update, please reach out to the team: nzism@gcsb.govt.nz 

For more NCSC NZ updates, follow us on LinkedIn.