Monthly Network Scans for Clear-Text Credentials
Monthly scans check for passwords or credentials that are not encrypted.
Plain language
This control is about running regular checks on your computer network to make sure no passwords or login details are lying around in plain view. If these details aren't protected, cyber criminals could easily access your systems, leading to data theft or unauthorised access to sensitive information.
Framework
ASD Information Security Manual (ISM)
Control effect
Detective
Classifications
NC, OS, P, S, TS
ISM last updated
Aug 2023
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for system hardening
Section
Authentication hardening
Topic
Protecting Credentials
Official control statement
Networks are scanned at least monthly to identify any credentials that are being stored in the clear.
Why it matters
Storing clear-text credentials can lead to unauthorised access, credential reuse, data breaches, and loss of trust.
Operational notes
Run at least monthly scans to detect clear-text credentials in files, configs and logs; remediate findings and re-scan to confirm.
Implementation tips
- IT team should schedule monthly scans: They need to set a fixed date each month to run a software tool that scans the network for any passwords or credentials being stored without encryption. This ensures consistency and guards against potential forgetfulness.
- System administrator should select the right tool: Choose a reputable scanning tool that's suitable for your network size and needs. This involves checking reviews and recommendations from industry sources to avoid using an unreliable tool.
- IT team must securely store scan results: After running the scan, make sure the results are stored in a protected location where only authorised personnel can access them. Scan reports list exactly where credentials are exposed, so an unprotected report is itself a breach waiting to happen.
- Manager should review and act on findings: They should regularly check the scan reports and follow up on any issues identified by getting them fixed promptly. This could involve changing password storage methods or reinforcing staff training on safe credential handling.
- IT team must communicate issues and fixes: If any issues are found, the IT team should document them and communicate the necessary actions to staff and leadership, ensuring everyone understands the importance of rectifying the issues.
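As an added illustration of the scan the operational notes and tips describe (example code, not from Control Stack or the ISM), the scanner below walks a directory tree, flags lines in text files that look like clear-text credentials, suppresses templated placeholders, skips binaries, and redacts the matched value so that the report does not become a second clear-text store. The detection rules, file names and sample contents are constructed for this example; a production tool would use a curated, tuned rule set.

```python
import re
import tempfile
from pathlib import Path

# Constructed detection rules; each names the secret as group "secret".
PATTERNS = {
    "password_assignment": re.compile(r"(?i)(pass(word|wd)?|pwd)\s*[:=]\s*['\"]?(?P<secret>[^\s'\"]{4,})"),
    "basic_auth_header": re.compile(r"(?i)authorization:\s*basic\s+(?P<secret>[A-Za-z0-9+/=]{8,})"),
    "aws_access_key": re.compile(r"\b(?P<secret>AKIA[0-9A-Z]{16})\b"),
    "url_embedded_credential": re.compile(r"[a-z][a-z0-9+.-]*://[^\s/:@]+:(?P<secret>[^\s@/]+)@"),
}
# Templated or dummy values are not stored credentials and would only create noise.
PLACEHOLDERS = re.compile(r"(?i)^(\$\{.*\}|<.*>|\*+|changeme|xxx+)$")

def redact(secret):
    # Keep a two-character prefix so a reviewer can locate the value without the report repeating it.
    return secret[:2] + "*" * (len(secret) - 2)

def scan_text(text, path):
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in PATTERNS.items():
            m = pattern.search(line)
            if m and not PLACEHOLDERS.match(m.group("secret")):
                findings.append({"path": str(path), "line": lineno, "rule": rule,
                                 "value": redact(m.group("secret"))})
    return findings

def scan_tree(root, max_bytes=1_000_000):
    root = Path(root)
    findings = []
    for p in sorted(root.rglob("*")):
        if not p.is_file() or p.stat().st_size > max_bytes:
            continue
        data = p.read_bytes()
        if b"\x00" in data[:8192]:  # treat NUL bytes as a sign of a binary file and skip it
            continue
        findings.extend(scan_text(data.decode("utf-8", errors="replace"), p.relative_to(root)))
    return findings

def build_sample_tree():
    # Constructed sample share: a config, a log, a deploy script and a binary blob.
    root = Path(tempfile.mkdtemp())
    (root / "app.cfg").write_text("db_user=app\ndb_password=Hunter2Secret\n")
    (root / "app.log").write_text("GET /api Authorization: Basic YWRtaW46aHVudGVyMg==\n")
    (root / "deploy.sh").write_text("curl https://svc:Tr0ub4dor@internal/api\nexport PASSWORD=${DB_PASSWORD}\n")
    (root / "blob.bin").write_bytes(b"\x00\x01password=binaryfalsepositive")
    return root

if __name__ == "__main__":
    for finding in scan_tree(build_sample_tree()):
        print(finding)
```

Each finding carries only the path, line, rule and a redacted value, which is what should be written to the protected report location and re-checked after remediation.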
Audit / evidence tips
- Ask for the network scanning schedule: request a document that outlines the planned dates for monthly network scans. Good evidence is a calendar showing recurring monthly scan dates.
- Ask to see the scan tool or software licence: request evidence that the scanning tool is up to date and properly licensed. Good evidence includes a current licence document and a recent update log.
- Ask for sample scan reports: request example reports from previous scans. Good evidence includes reports showing identified issues and resolution notes.
- Ask for the storage location of scan results: request to see where the scan results are saved. Good evidence would show a protected server location with restricted access permissions.
- Ask about follow-up actions taken: request documentation that details what actions have been taken in response to scan findings. Good evidence includes a log or report showing completed follow-up actions.
Cross-framework mappings
How ISM-1875 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Mapping | Notes |
|---|---|---|
| Annex A 8.12 | Partially meets | ISM-1875 requires networks to be scanned at least monthly to identify credentials stored in clear text |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.