Skip to content
arrow_back
ISM-1607
search
ISM-1607 policy ASD Information Security Manual (ISM)

Integrity Monitoring for Shared Servers

Monitor and log system interactions when sharing a server's hardware using software isolation.

Detective NC OS P ASD Information Security ManualGuidelines for system hardeningloggingmonitoring
record_voice_over

Plain language

This control is about keeping a close watch on what's happening on a shared physical server when it's being divided up and shared using software. It's crucial because if you don't actively monitor and log the activity, you might miss suspicious actions that could compromise sensitive data or the whole system, resulting in data breaches or operational disruptions.

Framework

ASD Information Security Manual (ISM)

Control effect

Detective

Classifications

NC, OS, P, S, TS

ISM last updated

Nov 2024

Control Stack last updated

18 May 2026

E8 maturity levels

N/A

Guideline

Guidelines for system hardening

Section

Virtualisation hardening

Topic

Functional Separation Between Computing Environments

Official control statement

When using a software-based isolation mechanism to share a physical server's hardware, integrity monitoring and centralised event logging is performed for the isolation mechanism and underlying operating system.
policy ASD Information Security Manual (ISM) ISM-1607
priority_high

Why it matters

Without integrity monitoring and centralised logging on the hypervisor/isolation layer and host OS, tampering or compromise may go undetected, enabling cross-tenant access and outages.

settings

Operational notes

Baseline and monitor hypervisor/isolation and host OS files/configs; alert on unauthorised changes. Forward hypervisor and OS logs to a central SIEM for correlation and retention.

build

Implementation tips

  • The IT team should set up monitoring software on shared servers to detect any unusual activities. This can be done by configuring the server to track who accesses it, what they do, and when they do it. Use an intuitive tool that records this information in an easy-to-read format.
  • Managers or system owners should ensure logs are kept in a centralised location. They can do this by working with IT to choose a logging system that keeps all records together so that they are easy to analyse.
  • The IT team should regularly review the logs for any strange patterns of behaviour. This might involve setting up automatic alerts when certain types of untoward actions occur, such as attempts to access restricted areas of the system.
  • IT staff should ensure the server's software isolation tools are updated regularly. This helps protect the system from vulnerabilities that can be exploited, by configuring software to notify them of available updates.
  • Senior management should ensure there's a procedure for responding to anomalies found during monitoring. This means having a clear plan in place that details who to contact and what steps to take if something suspicious is found.
fact_check

Audit / evidence tips

  • AskThe server monitoring configuration document: Ensure it outlines the specifics on what activities are being monitored GoodIncludes a detailed list of activities and events that are tracked
  • AskTo see samples of the log files: Verify that these show regular logging periods and capture data on who accessed the system and what was done GoodIncludes clear timestamps, user identities, and actions performed
  • GoodIncludes screenshots or reports from the logging tool showing inputs from all shared servers
  • AskRecords of software updates: Verify that updates have been timely, reflecting how frequently updates occur GoodContains a version history and the date each was applied
  • AskAbout the procedure for handling anomalies: Check if there's a clear, documented process for when irregularities are found GoodIncludes a flowchart or checklist with defined roles and actions for suspicious activity
link

Cross-framework mappings

How ISM-1607 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.

ISO 27001

Control Notes Details
layers Partially meets (1) expand_less
Annex A 8.16 ISM-1607 focuses on integrity monitoring and centralised logging for server hardware shared via software isolation

E8

Control Notes Details
sync_alt Partially overlaps (3) expand_less
E8-RA-ML2.6 ISM-1607 mandates integrity monitoring and centralised event logging for isolation mechanisms and host OS on shared servers
E8-RA-ML2.9 ISM-1607 requires integrity monitoring and centralised event logging for shared server hardware using software isolation
E8-AH-ML2.12 E8-AH-ML2.12 requires centralised logging of command line process creation events on hosts
extension Depends on (1) expand_less
E8-MF-ML2.7 ISM-1607 requires monitoring and central logging for shared servers using software isolation

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.

Mapping detail

Mapping

Direction

Controls