Restrict File Modifications via Path Rules
Only certain users can change files and folders as allowed by system rules.
Plain language
This control is about making sure that only the right people can change important files and folders on your computer system. It matters because if everyone could make changes, it could lead to accidental or malicious damage, like removing critical files or installing harmful programs that could disrupt your business.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Feb 2023
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for system hardening
Section
Operating system hardening
Topic
Application Control
Official control statement
When implementing application control using path rules, only approved users can modify approved files and write to approved folders.
Why it matters
If path rules allow unauthorised changes to approved files or folders, attackers can tamper with trusted apps, causing compromise or outages.
Operational notes
Review and test path rules regularly so only approved users can write to approved folders and modify approved files; monitor and audit rule changes.
Implementation tips
- IT team should define which files and folders are critical or sensitive. They can do this by listing all essential files and directories that impact business operations or hold sensitive information.
- The manager should decide which staff require permission to modify these critical files. This involves assessing job roles and responsibilities to determine who truly needs access.
- The system administrator should set up path rules on the operating system to enforce these permissions. They can do this by configuring the system settings so that only approved users can make changes to specified files and folders.
- The HR team should ensure that permission settings are regularly reviewed and updated, especially when staff roles change. This means checking who currently has access to sensitive files and modifying permissions as needed during role changes or staff turnover.
- The IT team should provide training to staff on why these rules and restrictions are in place. This can be done through regular information sessions explaining the importance of protecting digital assets and preventing unauthorised access.
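Path rules only hold if the folders they trust are not writable by ordinary users, so the "set up and review" steps above come down to checking the ACLs on each approved folder. The following PowerShell script is an added example, not code from the ISM or from Control Stack: it walks a list of approved folders and reports every Allow entry that grants write, create or generic-write rights to a principal outside an approved-writers list. The folder list and the approved principals are constructed placeholders; replace them with the organisation's own register of approved files and folders and its list of approved users. On AppLocker-managed systems the folder list can be drawn from the `FilePathCondition` entries of `Get-AppLockerPolicy -Effective -Xml`.

```powershell
# Added example (not from the ISM or Control Stack): report write access on folders
# that application control path rules treat as trusted.
# ASSUMPTION: the two lists below are constructed placeholders for the organisation's
# own approved-folder register and approved-writer list.
$ApprovedFolders = @(
    "$env:ProgramFiles",
    "${env:ProgramFiles(x86)}",
    "$env:SystemRoot"
)

# Principals permitted to write to approved folders (assumption; adjust to local policy).
$ApprovedWriters = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller'
)

# Named rights that let a principal change file content or add files to a folder.
$WriteRights = [System.Security.AccessControl.FileSystemRights]::Write -bor
               [System.Security.AccessControl.FileSystemRights]::Modify -bor
               [System.Security.AccessControl.FileSystemRights]::FullControl -bor
               [System.Security.AccessControl.FileSystemRights]::CreateFiles -bor
               [System.Security.AccessControl.FileSystemRights]::CreateDirectories

# Some ACEs carry unmapped generic rights; GENERIC_ALL (0x10000000) and
# GENERIC_WRITE (0x40000000) both allow writes, so test those bits as well.
$GenericWriteMask = 0x50000000

function Test-ApprovedFolderAcl {
    param(
        [Parameter(Mandatory)] [string[]] $Folders,
        [Parameter(Mandatory)] [string[]] $AllowedWriters,
        [switch] $Recurse
    )

    # Collect the approved folders and, optionally, every subfolder beneath them.
    $targets = foreach ($f in $Folders) {
        Get-Item -LiteralPath $f -ErrorAction SilentlyContinue
        if ($Recurse) {
            Get-ChildItem -LiteralPath $f -Directory -Recurse -ErrorAction SilentlyContinue
        }
    }

    foreach ($dir in $targets) {
        # Get-Acl can fail on folders the auditing account cannot read; skip those.
        $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { continue }

        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }

            $raw = [int]$ace.FileSystemRights
            $grantsWrite = (($raw -band $WriteRights) -ne 0) -or
                           (($raw -band $GenericWriteMask) -ne 0)
            if (-not $grantsWrite) { continue }

            # Approved writers are expected; anything else is a finding to review.
            if ($AllowedWriters -contains $ace.IdentityReference.Value) { continue }

            [pscustomobject]@{
                Path      = $dir.FullName
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Usage: list findings on screen, and keep a dated CSV as audit evidence.
$findings = Test-ApprovedFolderAcl -Folders $ApprovedFolders -AllowedWriters $ApprovedWriters -Recurse
$findings | Format-Table -AutoSize
$findings | Export-Csv -NoTypeInformation -Path ("approved-folder-acl-{0:yyyyMMdd}.csv" -f (Get-Date))
```

Every row is a place where a principal not on the approved list could add or change a file inside a path that application control trusts. Entries for `CREATOR OWNER` and inherit-only ACEs still warrant judgement rather than automatic remediation, so the report is an input to the review step, not a substitute for it. Re-running it on a schedule, and diffing the CSV against the previous run, gives the "regularly reviewed" evidence the audit tips below ask for.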
Audit / evidence tips
- Ask: a list of approved files and folders with restricted access
  Good: includes a dated document with file paths and the names of those with access permissions
- Ask: the access permissions report from the system
  Good: shows clear rules set for specific files and users as intended
- Ask: to see the HR process for updating user access permissions
  Good: includes documented procedures and logs showing regular updates and checks
- Ask: records of training sessions on file access restrictions
  Good: includes a schedule of training sessions and outlined topics discussed with evidence of participant attendance
- Ask: a log of access attempts to sensitive files
  Good: shows proactive monitoring with irregular activities flagged for review and action
Cross-framework mappings
How ISM-1392 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (3) | | |
| Annex A 5.15 | ISM-1392 requires a concrete access restriction outcome: only approved users can modify approved files and write to approved folders when... | |
| Annex A 5.18 | ISM-1392 requires that when application control uses path rules, only approved users can modify approved files and write to approved folders | |
| Annex A 8.3 | ISM-1392 requires enforcing that only approved users can modify approved files and write to approved folders under application control pa... | |
| Supports (1) | | |
| Annex A 8.2 | ISM-1392 requires that only approved users can modify approved files and write to approved folders when path rules are used for applicati... | |
E8
| Control | Notes | Details |
|---|---|---|
| Partially overlaps (1) | | |
| Supports (4) | | |
| Depends on (2) | | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.