May 2015 New Zealand Information Security Manual

The NZISM is a practitioner’s manual designed to meet the needs of agency information security executives as well as vendors, contractors and consultants who provide services to agencies. It includes minimum technical security standards for good system hygiene and provides other technical and security guidance for government departments and agencies to support good information governance and assurance practices.

The May 2015 NZISM is now available

This version of the NZISM incorporates new material, principally on Personal Wearable Devices.  Cryptographic requirements (Chapter 17) have been strengthened.  A small number of existing controls have seen wording adjustments and enhancements to improve clarity. Additional explanatory material has been added throughout the document.   

A new chapter (Chapter 20 Data Management) has been inserted to improve searchability and make data management topics simpler to find (previously these resided in several different parts of the NZISM).

As always, comments and suggestions for improvements are welcome.  Please direct these to


The May 2015 NZISM has been superseded. Go to NZISM for the latest version of this document.