ISM-1055 ASD Information Security Manual (ISM)

Disable Insecure LAN Manager Authentication

Systems must disable outdated LAN Manager and NT LAN Manager authentication to enhance security.

🏛️ Framework

ASD Information Security Manual (ISM)

🧭 Control effect

Preventative

🔐 Classifications

NC, OS, P, S, TS

🗓️ ISM last updated

Sept 2020

✏️ Control Stack last updated

22 Feb 2026

🎯 E8 maturity levels

N/A

Official control statement
LAN Manager and NT LAN Manager authentication methods are disabled.

Source: ASD Information Security Manual (ISM)

Plain language

This control is about turning off old, insecure ways of logging into computers and systems, known as LAN Manager and NT LAN Manager. These methods are outdated and can be easily hacked, putting your sensitive information at risk if they remain active.

Why it matters

If LAN Manager/NTLM authentication remains enabled, attackers can force downgrades and capture weak hashes, enabling credential cracking and unauthorised access.

Operational notes

Verify Group Policy/security options disable LM and NTLMv1, and monitor for policy drift so legacy authentication methods are not re-enabled by updates.
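
One way to run that check on a single Windows host, as an added example that is not part of the original page. It covers LM and NTLMv1 only, as the note above scopes it, and assumes the setting is evidenced by the Lsa registry values LmCompatibilityLevel = 5 and NoLMHash = 1; the function name Test-LmNtlmBaseline is hypothetical.

```powershell
# Added example: audit the local registry values behind the LM/NTLMv1 policy.
# Assumption: the organisation's baseline is LmCompatibilityLevel = 5, NoLMHash = 1.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Assumed baseline; adjust to the organisation's own policy.
$baseline = [ordered]@{
    LmCompatibilityLevel = 5   # send NTLMv2 responses only; refuse LM and NTLMv1
    NoLMHash             = 1   # do not store an LM hash at the next password change
}

function Test-LmNtlmBaseline {   # hypothetical helper name
    param(
        [string]$Path = $lsaKey,
        [System.Collections.IDictionary]$Expected = $baseline
    )
    $lsa = Get-ItemProperty -Path $Path -ErrorAction Stop
    foreach ($name in $Expected.Keys) {
        # A missing value means the OS default applies and policy has not pinned it,
        # so it is reported as non-compliant rather than silently accepted.
        $prop   = $lsa.PSObject.Properties[$name]
        $actual = if ($prop) { $prop.Value } else { $null }
        [pscustomobject]@{
            Computer  = $env:COMPUTERNAME
            Setting   = $name
            Expected  = $Expected[$name]
            Actual    = if ($null -eq $actual) { 'not set' } else { $actual }
            Compliant = ($null -ne $actual -and $actual -eq $Expected[$name])
            CheckedAt = (Get-Date).ToString('s')
        }
    }
}

$results = Test-LmNtlmBaseline
$results | Format-Table -AutoSize

# A non-zero exit code lets a scheduled task or monitoring agent flag policy drift.
if ($results.Compliant -contains $false) { exit 1 }
```

Run on a schedule, the per-host rows can be exported and kept as the system configuration report an auditor would ask for.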

Implementation tips

  • The IT team should disable LAN Manager and NT LAN Manager on all systems. This can be done by accessing the system settings on each computer and choosing the option to turn off these authentication methods. Follow the guidelines provided by the software manufacturer or refer to the Australian Cyber Security Centre (ACSC) for detailed instructions.
  • System owners should ensure that all team members are aware of the change and understand how to log in securely using updated methods. Host a workshop or send out a guide via email that explains the new login process and why these changes are necessary for security.
  • Managers should maintain regular communication with the IT team to verify that outdated authentication is disabled on newly acquired systems. Implement a standard procedure for checking settings during the setup of any new device, ensuring these old methods are turned off from the start.
  • The IT team should keep system software and anti-virus applications up to date to complement the disabling of insecure authentication. This can be achieved by scheduling regular updates and monitoring alerts from the system's software providers.
  • Business leaders should involve a cybersecurity consultant to conduct an annual security review that includes checking for deactivated LAN Manager authentication, ensuring compliance with the latest industry standards and best practices.

Audit / evidence tips

  • Ask: a system configuration report. Request documentation that shows authentication settings for all networked systems.

    Good: a report indicating that both LAN Manager and NT LAN Manager are disabled.

  • Ask: records of IT team training sessions. Request evidence of training or communication about the changes to authentication methods.

    Good: documentation showing clear communication about disabling these outdated methods.

  • Ask: a list of recently purchased devices. Request records of new systems and the setup procedures followed.

    Good: detailed setup checklists with completed tasks.

  • Ask: the results of a security audit. Request the latest cybersecurity audit report.

    Good: a report confirming that LAN Manager is not used within the organisation.

  • Ask: a policy document on system authentication. Request to see internal policies about secure login methods.

    Good: documented policy directions to disable insecure authentication methods across the organisation.

Cross-framework mappings

How ISM-1055 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.

ISO 27001

Control Notes Details
Partially meets (2)
Annex A 8.5 ISM-1055 requires organisations to disable insecure legacy authentication protocols (LAN Manager and NTLM variants) to reduce credential ...
Annex A 8.9 ISM-1055 requires a specific security configuration: disabling LAN Manager and NT LAN Manager authentication methods
