On 3 October 2024, the Australian Signals Directorate adopted the guide on mitigation strategies for edge devices. The guide applies to critical infrastructure providers responsible for enterprise network security. The guide aims to enhance the security of so-called edge devices, which act as security intermediaries between internal networks and the internet, and which include firewalls, routers, VPN gateways, Internet of Things devices, and operational technology systems. The guide outlines practices including implementing strong credential management with phishing-resistant multi-factor authentication, conducting threat modelling and integrating devices into vulnerability management processes. The guide also emphasises enabling detailed logging, enforcing strict access controls, segmenting networks, hardening devices, and preferring manufacturers adhering to secure-by-design principles.