We regularly update the New Zealand Information Security Manual (NZISM). The NZISM explains processes and controls for protecting New Zealand Government information and systems.
-
View the New Zealand Information Security Manual on the NZISM website.
Our latest updates to the NZISM
This version of the NZISM gives more clarity and incorporates guidance on new technologies. We updated it after consulting extensively with government agencies and key users.
We’ll continue to update the NZISM regularly to keep up with rapid changes in technology.
-
View the latest updates to the NZISM on the NZISM website.
The NZISM helps government agencies meet legislative requirements
The NZISM is an important part of the Protective Security Requirements. These requirements explain how Cabinet expects government agencies to manage personnel, information, and physical security.
-
View the Protective Security Requirements on the Protective Security Requirements website.
The NZISM is consistent with a wide variety of domestic and international standards for risk management, assurance, and technology.
Who should use the NZISM?
The NZISM aims to meet the needs of:
- government agency executives responsible for information security
- vendors who provide services to government agencies
- contractors and consultants who provide services to government agencies.
The NZISM is also useful for Crown entities, local government bodies, and private sector organisations.
NZISM Baseline Security Templates
NZISM baseline security templates have been developed to assist agencies in understanding the security posture of their cloud environments.
In 2022 the baseline security templates won the best security project in the annual information security industry iSANZ awards.
-
Read more about the baseline security templates on the NZISM website.