New Zealand NZISM

New Zealand's Information Security Manual — the national baseline for government and crown entities.

Regulator

Government Communications Security Bureau (GCSB)

Jurisdiction

New Zealand — government and crown entities

Status

Active.

In force since

Active

Regulator's source

Who it applies to

NZ government, crown entities, and suppliers to them.

Audit / certification status

Continuous evidence pipeline available; audit support included for all customers.

What it requires

What NZISM actually requires.

These are the obligations a regulated entity owes — the things an assessor or supervisor will ask about.

Compliance with NZISM controls per classification.

Certification & accreditation for systems handling classified information.

How Safeguard maps to it

Pre-mapped controls. Continuous evidence.

Each requirement above is bound to live telemetry — not screenshots. The mapping below is what your auditor or regulator sees.

NZISM control crosswalk.

C&A package generation.

Evidence we produce

Artifacts your auditor accepts.

Each evidence artifact is signed and timestamped. Auditors can verify integrity without trusting Safeguard.

NZISM C&A pack.

Related frameworks

One evidence base. Many regulators.

These frameworks share substantial control overlap with NZISM. Customers running one assessment typically satisfy the others with the same evidence base.

Australia ACSC Essential Eight

APAC

ASD's Essential Eight Maturity Model — the foundational cyber baseline for Australian government and broadly used in the private sector.

Open

Ready for NZISM?

Bring the framework. We'll walk the controls with you — section by section, evidence packet by evidence packet, with the regulators you actually have to answer to.

Back to the framework map