New Zealand Information Security Manual

The New Zealand Information Security Manual (NZISM) has been updated to include new guidance relating to cloud computing, independent assurance reports and cryptographic key management.

The July 2017 NZISM v2.6 (external link) updates the previous edition NZISM v2.5 which was published in July 2016.

The most important updates support secure adoption of cloud computing and are the result of extensive consultation with the Department of Internal Affairs (GCIO) and the government information security community.

They focus on the approach to cloud services (Section 2.3), independent assurance reporting (Section 5.8), and Key Management (Section 17.9) which support the DIA’s Cloud Computing and Productivity Initiative.

There are also a large number of supporting amendments, policy interpretations, minor editorial updates throughout the document as well as some new terms and definitions that have been included to clarify and to aid policy interpretation.

All new materials and amendments are designed to simplify approaches while maintaining existing levels of governance and assurance.