Disable External Interfaces for Direct Memory Access
Disable external communication ports that could directly access system memory to prevent unauthorised access.
Plain language
This control is about turning off certain external connections on your computer that could otherwise directly access its memory. It's important because these connections, if left open, could let someone unauthorised get access to your system and steal or damage sensitive information.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Nov 2021
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for system hardening
Section
Operating system hardening
Topic
Device Access Control
Official control statement
External communication interfaces that allow DMA are disabled.
Why it matters
If DMA-capable interfaces are left enabled, a rogue device can read or alter system memory, enabling credential theft, data exfiltration, or full compromise.
Operational notes
Verify DMA-capable ports (e.g., Thunderbolt/PCIe expansion) are disabled in BIOS/UEFI and OS policy, and re-check after firmware updates or hardware changes.
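As an added example (not from the Control Stack page or the ASD ISM), the following Bash script shows one way to evidence the OS-policy half of this check on a Linux host. It reads the kernel's real Thunderbolt sysfs attributes (`security` and `iommu_dma_protection` under `/sys/bus/thunderbolt/domain0`); which security levels count as acceptable is this example's own assumption, and absence of the domain directory is treated as "ports absent or disabled in firmware".

```bash
#!/usr/bin/env bash
# Added example: Linux posture check for ISM-0345 (DMA-capable external interfaces).
# Assumption: the thunderbolt driver is loaded, so domain0 exposes its attributes.
set -u

TB_DOMAIN="${TB_DOMAIN:-/sys/bus/thunderbolt/domain0}"

# Classify a Thunderbolt security level (contents of domain*/security).
# "none" brings up PCIe tunnels for any attached device with no authorisation,
# so it fails; the others gate or block PCIe tunnelling (example's assumption).
tb_level_ok() {
  case "$1" in
    secure|user|dponly|usbonly|nopcie) return 0 ;;
    *) return 1 ;;   # "none", empty or unknown
  esac
}

# Assess a host from three facts so the logic can be exercised without sysfs:
#   $1 = "present" | "absent"   (does a Thunderbolt domain exist at all?)
#   $2 = security level         (see tb_level_ok)
#   $3 = iommu_dma_protection   ("1" when the IOMMU remaps device DMA)
# Passes when the interface is absent, or gated AND covered by the IOMMU.
dma_posture() {
  local present="$1" level="$2" iommu="$3"
  if [ "$present" = "absent" ]; then
    echo "PASS: no DMA-capable Thunderbolt/PCIe interface exposed"; return 0
  fi
  if tb_level_ok "$level" && [ "$iommu" = "1" ]; then
    echo "PASS: security=$level, IOMMU DMA protection enabled"; return 0
  fi
  echo "FAIL: security=${level:-<unset>}, iommu_dma_protection=${iommu:-<unset>}"
  return 1
}

# Read the live values from sysfs and assess them.
check_host() {
  if [ ! -d "$TB_DOMAIN" ]; then dma_posture absent "" ""; return $?; fi
  local level iommu
  level=$(cat "$TB_DOMAIN/security" 2>/dev/null || echo "")
  iommu=$(cat "$TB_DOMAIN/iommu_dma_protection" 2>/dev/null || echo 0)
  dma_posture present "$level" "$iommu"
}

# Usage: bash dma_check.sh --check   (exit status 0 = PASS, 1 = FAIL)
if [ "${1:-}" = "--check" ]; then check_host; exit $?; fi
```

Record the printed line together with the BIOS/UEFI setting as audit evidence, and re-run after firmware updates since those can reset the security level.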
Implementation tips
- The IT team should review and identify all computer systems with external interfaces that allow Direct Memory Access (DMA). They can do this by checking computer specifications and settings to see which ports and connections are enabled.
- System owners should coordinate with the IT team to disable these external interfaces where they're not essential for system operation. This can be done by using system settings or software tools that manage hardware connections.
- IT staff need to update configuration policies to ensure these interfaces stay disabled in future setups or updates. This involves documenting the changes and integrating them into standard operating procedures.
- Managers should educate employees about the importance of not re-enabling these interfaces without prior approval. This can be set up as part of regular security awareness training sessions.
- Procurement officers should include the requirement for disabling DMA-capable interfaces in new hardware purchases. They should make sure this requirement is clear to vendors when negotiating contracts or placing orders.
Audit / evidence tips
- Ask: the list of systems with disabled DMA interfaces. Request documentation that lists which systems and specific interfaces have been disabled.
  Good: a complete and regularly updated list approved by the IT team.
- Good: result shows the relevant interfaces as disabled or not present.
- Ask: how the team ensures these interfaces remain disabled over time.
  Good: includes regular checks, monitoring tools used, and clear roles assigned for checking compliance.
- Good: result is recent, relevant training completed by all staff.
- Good: includes purchasing guidelines that specify disabling or lack of DMA-capable ports.
Cross-framework mappings
How ISM-0345 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | | |
| Annex A 8.1 | ISM-0345 requires a specific endpoint protection measure: disabling external interfaces that allow DMA to block a direct memory access at... | |
| Supports (2) | | |
| Annex A 7.2 | ISM-0345 requires disabling DMA-capable external interfaces to mitigate direct memory access attacks that often require physical connecti... | |
| Annex A 7.8 | ISM-0345 requires disabling external interfaces that permit DMA to prevent memory compromise through attached peripherals | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.