Enable Exploit Protection in Operating Systems
Ensure operating system settings are adjusted to block potential attacks.
Plain language
We need to make sure our computer systems are set up to stop hackers from taking advantage of any weaknesses in the software. This is crucial because if a system is vulnerable, it could lead to sensitive information being stolen, systems being disrupted, and potentially cost the business money and damage its reputation.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Feb 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for system hardeningSection
Operating system hardeningOfficial control statement
Operating system exploit protection functionality is enabled.
Why it matters
If exploit protection isn't enabled, attackers may exploit OS vulnerabilities, leading to data breaches and operational disruptions.
Operational notes
Regularly verify OS exploit protection settings and updates to prevent new vulnerabilities from being exploited by attackers.
Implementation tips
- The IT team should review current operating system settings to ensure exploit protections are enabled. They can do this by accessing the system’s settings menu and verifying that protections such as Data Execution Prevention and Address Space Layout Randomization are turned on.
- The system owner should regularly update all operating systems to the latest versions. They should set up automatic updates or schedule regular manual checks to ensure each device has the newest protection features, as updates often fix known vulnerabilities.
- The IT team should create a simple guideline for employees on how to keep their system protections enabled. This can include step-by-step instructions with screenshots, explaining how to check their settings and what to do if something seems off.
- Business managers should organise awareness sessions about the importance of keeping systems secure. These sessions can include demonstrations of potential threats and how exploit protection can prevent them, emphasising the real-life consequences of insecure systems.
- System owners should work with their IT team to perform regular checks for compliance. They should use automated tools to scan for and alert any security setting changes that might disable exploit protection, ensuring continuous enforcement.
Audit / evidence tips
- AskThe operating system settings report for each business device GoodIs a consistent report showing enabled protections across all devices
- AskThe process documentation on updating operating systems GoodShows clear procedures for regular updates to secure all systems
- GoodFeatures explicit guidance on exploit protection with visuals or step-by-step guides
- AskLogs or records of regular security checks GoodIs regularly updated logs indicating compliance checks
- GoodIs evidence of active monitoring and swift action to resolve issues
Cross-framework mappings
How ISM-1492 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.
E8
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| E8-RA-ML3.4 | E8-RA-ML3.4 requires memory integrity functionality to be enabled to harden systems against memory-based exploitation and unauthorised co... | |
| sync_alt Partially overlaps (3) expand_less | ||
| E8-AC-ML3.3 | E8-AC-ML3.3 requires implementing Microsoft’s vulnerable driver blocklist to prevent exploitation via known vulnerable kernel drivers | |
| E8-RA-ML3.5 | ISM-1492 requires operating system exploit protection functionality to be enabled to block or reduce common exploitation behaviours | |
| E8-RA-ML3.6 | ISM-1492 requires operating system exploit protection functionality to be enabled to reduce successful exploitation paths | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.