Disable Legacy Authentication Methods in Networks
Ensure older and less secure authentication methods are not used to protect network security.
🏛️ Framework
ASD Information Security Manual (ISM)
🧭 Control effect
Preventative
🔐 Classifications
NC, OS, P, S, TS
🗓️ ISM last updated
Feb 2025
✏️ Control Stack last updated
19 Mar 2026
🎯 E8 maturity levels
N/A
A HIPS or EDR solution is implemented on critical servers and high-value servers.
Source: ASD Information Security Manual (ISM)
Plain language
This control is all about stopping the use of outdated authentication methods like LAN Manager (LM) and NT LAN Manager (NTLM) because they are not secure anymore. If these older methods stay in use, it's easier for hackers to break into your network, steal information, and cause harm to your business.
Why it matters
Without HIPS/EDR on critical and high-value servers, malicious activity may go unnoticed, enabling breaches and major outages.
Operational notes
Tune HIPS/EDR rules on critical/high-value servers, monitor alerts and logs daily, and verify agents remain healthy and reporting.
Implementation tips
- System owners should work with IT technicians to identify if any systems still use LAN Manager or NT LAN Manager authentication. They can do this by creating a list of all systems and checking the authentication method used by each one.
- The IT team should update or configure systems to use more secure authentication methods. They can achieve this by checking system settings and applying updates or patches provided by software vendors to disable legacy protocols.
- Managers should ensure employees are aware of these changes and why they matter. Host a meeting or send a detailed email explaining the switch from old to new secure methods, and reassure staff that this is to protect the company.
- The IT team should conduct regular checks to ensure no systems revert to using insecure authentication methods. Implement a schedule for these reviews and log the findings to keep a record.
- Procurement teams should include security requirements when acquiring new systems or software. Specify that any new purchases must support modern, secure authentication methods in the buying criteria.
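The first two tips (finding hosts that still accept LM or NTLMv1, and confirming the setting that refuses them) can be checked from PowerShell. This is an added example, not code from the Control Stack page or the ISM; it assumes an elevated session with WinRM access to each host, and the host names in `$Hosts` are constructed placeholders.

```powershell
# Added example: report each host's LM/NTLM posture as evidence for this control.
# Assumes WinRM (Invoke-Command) is enabled and the caller is a local administrator.
function Get-LegacyAuthPosture {
    param([string]$ComputerName = $env:COMPUTERNAME)

    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

        # LmCompatibilityLevel 5 = send NTLMv2 only and refuse LM and NTLMv1.
        # When the value is absent, current Windows behaves as level 3 (NTLMv2 sent,
        # but LM/NTLMv1 still accepted from clients), so treat "unset" as not enforced.
        $level = if ($null -ne $lsa.LmCompatibilityLevel) { $lsa.LmCompatibilityLevel } else { 3 }

        # NoLMHash 1 = stop storing the weak LM hash at the next password change.
        $noLmHash = if ($null -ne $lsa.NoLMHash) { $lsa.NoLMHash } else { 'unset' }

        # Count successful logons in the last 7 days (604800000 ms) whose
        # "Package Name (NTLM only)" field in Security event 4624 is NTLM V1.
        $xpath = "*[System[(EventID=4624) and TimeCreated[timediff(@SystemTime) <= 604800000]]]" +
                 " and *[EventData[Data[@Name='LmPackageName']='NTLM V1']]"
        $ntlmV1 = (Get-WinEvent -LogName Security -FilterXPath $xpath -ErrorAction SilentlyContinue |
                   Measure-Object).Count

        [pscustomobject]@{
            ComputerName         = $env:COMPUTERNAME
            LmCompatibilityLevel = $level
            NoLMHash             = $noLmHash
            NtlmV1Logons7d       = $ntlmV1
            # Compliant only when legacy auth is both refused and no longer observed.
            Compliant            = ($level -eq 5 -and $noLmHash -eq 1 -and $ntlmV1 -eq 0)
        }
    }
}

# Constructed inventory; replace with the system list from the first tip.
$Hosts = @('SRV-FILE01', 'SRV-APP02')
$Hosts | ForEach-Object { Get-LegacyAuthPosture -ComputerName $_ } | Format-Table -AutoSize
```

A non-zero `NtlmV1Logons7d` on a host already at level 5 points at a client or application that still sends NTLMv1 and needs to be fixed before the setting is enforced domain-wide.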
Audit / evidence tips
- Ask: a list of all IT systems and their authentication methods. Request documentation showing which method each system uses.
  - Good: the list clearly shows every system using modern, secure methods.
- Ask: system configuration reports. Request detailed reports from the IT team on the authentication settings in place.
  - Good: the reports show that secure methods like Active Directory are in place instead of legacy ones.
- Ask: records of IT staff training sessions. Request the dates and content of any training related to this control, and check whether it covered why the legacy methods are insecure and how to ensure they are not used.
  - Good: the records show comprehensive training attendance and materials.
- Ask: documented procedures for new system procurement. Request any procurement guidelines that include authentication requirements.
  - Good: the guidelines clearly prevent the purchase of systems that rely on legacy authentication methods.
- Ask: evidence of routine security audits. Request recent audit reports focusing on authentication methods.
  - Good: the reports show regular checks and any actions taken to rectify non-compliance.
Cross-framework mappings
How ISM-1034 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
ISO 27001
Partially meets (2):

| Control | Notes |
|---|---|
| Annex A 8.5 | ISM-1034 requires organisations to disable legacy authentication methods on networks to prevent access via insecure paths |
| Annex A 8.9 | ISM-1034 mandates disabling legacy authentication methods to secure network services |