Disable Unused Network Device Ports
Network devices should have any unused physical ports turned off to prevent unauthorized access.
🏛️ Framework
ASD Information Security Manual (ISM)
🧭 Control effect
Preventative
🔐 Classifications
NC, OS, P, S, TS
🗓️ ISM last updated
Aug 2018
✏️ Control Stack last updated
22 Feb 2026
🎯 E8 maturity levels
N/A
Unused physical ports on network devices are disabled.
Source: ASD Information Security Manual (ISM)
Plain language
This control means turning off any network ports that aren't being used in your organisation's devices, like routers or switches. It matters because if these ports are left on, someone could plug in and access your network without permission, which could lead to sensitive data being stolen or your systems being hacked.
Why it matters
Leaving unused ports active can allow unauthorised network access, enabling rogue device connection, lateral movement and potential data breaches.
Operational notes
Regularly audit switch/router physical ports and administratively shut unused ones; alert on port state changes to detect unauthorised connections quickly.
Implementation tips
- IT team: Identify all network devices in your organisation such as switches and routers that might have unused ports. Do this by conducting a physical walk-through of your network infrastructure and checking the port status on network device management interfaces.
- IT manager: Create a policy to regularly check and disable unused ports on all network devices. Draft a standard procedure that involves routinely generating a list of active and inactive ports from network management software.
- System administrator: Disable unused ports by accessing network device management settings. Use the device’s user interface to manually turn off any ports that aren’t in use, following the vendor's guidelines.
- Network security officer: Set up alerts for when new devices are connected to any network port. Use your network management tools to configure alerts which notify you by email or app when unexpected devices are connected.
- IT support team: Train staff to recognise the importance of keeping unused ports disabled. Develop a quick training session or reminder guides, outlining how to inform IT when a port is no longer required, and what steps to take if they see someone using an unallocated port.
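The audit-and-alert loop described in the operational notes and the implementation tips above, as an added Python example that is not part of this control page. It assumes IOS-style `show interfaces status` output and IOS-style `interface`/`shutdown` configuration syntax; every port, description and state in the two snapshots is constructed. It proposes shutdown configuration for ports that are not connected and carry no description, flags described-but-idle ports for manual review rather than shutting them blindly, and diffs two audit snapshots to surface the port state changes that should raise an alert.

```python
import re

# Constructed interface-status table for one switch (IOS-style layout; the
# ports, names and states are made up for this example).
SNAPSHOT_BEFORE = """\
Port     Name            Status       Vlan
Gi1/0/1  uplink-core     connected    trunk
Gi1/0/2  printer-floor2  connected    20
Gi1/0/3                  notconnect   1
Gi1/0/4                  disabled     1
Gi1/0/5  meeting-room-b  notconnect   30
"""
# Later audit: a device appeared on unprovisioned Gi1/0/3, and shut port Gi1/0/4 is up.
SNAPSHOT_AFTER = re.sub(r"(Gi1/0/4\s+)disabled", r"\g<1>connected",
                        re.sub(r"(Gi1/0/3\s+)notconnect", r"\g<1>connected", SNAPSHOT_BEFORE))
# port, optional description, status keyword, VLAN; the header row never matches
ROW = re.compile(r"^(\S+)\s+(.*?)\s*\b(connected|notconnect|err-disabled|disabled)\s+(\S+)")

def parse_status(text):
    """Return {port: {'name', 'status', 'vlan'}} from an interface-status table."""
    ports = {}
    for m in filter(None, map(ROW.match, text.splitlines())):
        port, name, status, vlan = m.groups()
        ports[port] = {"name": name.strip(), "status": status, "vlan": vlan}
    return ports

def unused_ports(ports):
    """Split 'notconnect' ports into (shut candidates, provisioned-but-idle). A port
    with a description is assumed provisioned and is flagged for review, not shut."""
    shut, review = [], []
    for port, info in ports.items():
        if info["status"] == "notconnect":
            (review if info["name"] else shut).append(port)
    return shut, review

def shutdown_config(candidates):
    """IOS-style config stanza that administratively disables each port."""
    lines = []
    for port in candidates:
        lines += [f"interface {port}", " description UNUSED - shut per ISM-0534", " shutdown"]
    return "\n".join(lines)

def state_changes(before, after):
    """(port, old, new) for every port whose status differs between two audits."""
    changes = []
    for port in sorted(set(before) | set(after)):
        old, new = (d.get(port, {}).get("status", "absent") for d in (before, after))
        if old != new:
            changes.append((port, old, new))
    return changes
```

Feeding `state_changes` the previous and current audit output turns the second snapshot into two alerts: a device on a port that was never provisioned, and a port coming up that had been administratively shut down.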
Audit / evidence tips
- Ask: network port status reports. Request reports showing the current status of each port on network devices.
  Good: a majority of ports marked as 'inactive' or 'disabled', along with recent audit dates.
- Ask: to see the device management procedure document. This should outline the steps for checking and disabling ports.
  Good: detailed, current procedures that match the actual setup and practices.
- Ask: training schedules or records. Request documented evidence of staff training on unused port policies.
  Good: regular training dates and broad staff understanding of port security.
- Ask: to view automated alert configurations. Request a demo of the alert system for unauthorised port usage.
  Good: real-time alerts functioning correctly during testing.
- Ask: a recent audit report on network devices. Request an internal or third-party audit report highlighting port usage.
  Good: no critical findings on open, unauthorised ports.
Cross-framework mappings
How ISM-0534 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
ISO 27001
| Control | Relationship | Notes |
|---|---|---|
| Annex A 8.20 | Partially meets | ISM-0534 requires unused physical ports on network devices to be disabled to reduce the risk of unauthorised network access |