Have spent a lot of time over the past twelve months working on projects with ISM requirements.
For those that don’t know the ISM you can grab it’s three PDFs from here.
If you have a legitimate reason for needing it you can also apply for access to OnSecure here.
While working with these frameworks i’ve also found a nice ISM Checklist builder here. A nifty tool for InfoSec professionals who work with the ISM to quickly build a list of the controls relevant to the classification of the system they are working on.
It’s nice to see the people at ASD also working on making the ISM more relevant to Cloud Service Provider platforms.
One suggestion I made to the new Australian Govt DTO was to make the ISM available in some sort of machine readable format. No response yet though.