System Login Security Reminder Banner
A login message that reminds users of their security duties when accessing the system.
Plain language
This control is about showing a message to everyone who logs into your system, reminding them not to misuse information or disrupt operations. It's important because without these reminders, people might forget or ignore safe practices, leading to data leaks or system misuse that could harm your business.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Aug 2023
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
Systems have a logon banner that reminds users of their security responsibilities when accessing the system and its resources.
Why it matters
Without a logon security reminder banner, users may ignore access conditions and acceptable use, increasing risk of unauthorised activity or data compromise.
Operational notes
Review the logon banner text periodically to match current acceptable-use and monitoring notices, and ensure it appears on all interactive logon paths.
Implementation tips
- The IT team should configure the login system to show a security reminder banner. They can do this by editing login scripts or settings to display a message before users enter their username and password. Ensure the message is clear and warns against unauthorised use and the importance of protecting data.
- Managers should work with IT to draft the login message content. This message should remind users of their obligations, such as following company policies and not sharing login details. Keep it short but firm, and get feedback to ensure it covers all important points.
- System owners should ensure the login banner is updated regularly. They can set a calendar reminder to check if legal or policy changes require updates to the login message. Consistency with organisational policies is crucial, so review changes with the legal team.
- HR should train new employees on the importance of the security banner during onboarding. Include a short session explaining why the message appears and what responsibilities they have when accessing company systems. Reinforce that they should read and heed the warning every time.
- The compliance officer should document banner implementation and updates. This involves keeping records of message versions, when they were implemented, and who approved changes. This documentation helps verify compliance in audits.
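One way to check that the approved banner text appears on each interactive logon path, as an added example that is not part of the original page. It assumes a Linux host with OpenSSH (console banner in `/etc/issue`, SSH banner set by the `Banner` directive in `sshd_config`); the approved wording, the sample files and all function names are constructed for illustration.

```python
import os
import tempfile

# Assumed approved wording; constructed for this example, not taken from the ISM.
APPROVED = "Authorised use only. Activity is monitored. Protect the information you access.\n"

def sshd_banner_path(config_text):
    """Return the global Banner path from sshd_config text, or None if unset or 'none'."""
    for line in config_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if not parts:
            continue
        keyword = parts[0].lower()          # sshd_config keywords are case-insensitive
        if keyword == "match":              # per-user/host overrides are out of scope here
            break
        if keyword == "banner" and len(parts) == 2:
            value = parts[1].strip().strip('"')
            return None if value.lower() == "none" else value  # first value wins
    return None

def check_file(root, path, approved):
    """Compare one banner file under root with the approved text."""
    full = os.path.join(root, path.lstrip("/"))
    if not os.path.isfile(full):
        return "missing"
    with open(full, encoding="utf-8") as fh:
        return "ok" if fh.read().strip() == approved.strip() else "mismatch"

def audit_banners(root, approved=APPROVED):
    """Check the console and SSH logon paths under root; return {logon_path: status}."""
    results = {"console": check_file(root, "/etc/issue", approved)}
    cfg = os.path.join(root, "etc/ssh/sshd_config")
    banner = None
    if os.path.isfile(cfg):
        with open(cfg, encoding="utf-8") as fh:
            banner = sshd_banner_path(fh.read())
    results["ssh"] = check_file(root, banner, approved) if banner else "not_configured"
    return results

def build_sample_root():
    """Constructed sample tree: console banner is current, SSH banner text is stale."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "etc/ssh"))
    files = {"etc/issue": APPROVED, "etc/issue.net": "Welcome!\n",
             "etc/ssh/sshd_config": "Port 22\n#Banner none\nBanner /etc/issue.net\n"}
    for rel, text in files.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(text)
    return root

if __name__ == "__main__":
    print(audit_banners(build_sample_root()))
```

Run against `/` on a real host, the returned statuses can be kept with the banner version records as audit evidence.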
Audit / evidence tips
- Ask: documentation showing the current login message: Request a screenshot or file showing the exact wording displayed to users
  Good: is a current and appropriate message that aligns with company security policies
- Ask: a document or email chain detailing the steps for updating the message and getting necessary approvals
  Good: has a clear process with regular reviews and stakeholder involvement
- Good: is the banner displaying in a way that users can't miss before they enter credentials
- Ask: them to explain how they ensure the message displays reliably across all systems
  Good: demonstrates regular checks and system health monitoring
- Ask: employee onboarding content or security training materials
  Good: includes clear explanations that reinforce the message's purpose in training content
Cross-framework mappings
How ISM-0408 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Supports (2) | | |
| Annex A 5.4 | ISM-0408 requires a security reminder banner at logon to prompt users about their responsibilities when accessing systems | |
| Annex A 5.15 | ISM-0408 requires systems to display a logon banner reminding users of their security responsibilities when they authenticate | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.