Enable Memory Integrity for Credential Protection
Ensure memory integrity is activated to safeguard credential data.
Plain language
This control is about making sure your computer's memory is protected to keep your password and other important data safe. If you don't turn on this feature, hackers might be able to steal sensitive information and misuse it, which could lead to identity theft or financial loss.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Nov 2023
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML3
Guideline
Guidelines for system hardeningSection
Authentication hardeningTopic
Protecting CredentialsOfficial control statement
Memory integrity functionality is enabled.
Why it matters
Without memory integrity, credential theft becomes easier, increasing the risk of identity fraud and potential financial losses for the organisation.
Operational notes
Validate Memory Integrity (Core isolation) remains enabled after OS/driver updates, and alert on any setting changes.
Implementation tips
- System owners should work with the IT team to enable memory integrity on all computers. This involves accessing system settings and ensuring that the feature is turned on. The IT team can provide step-by-step guidance if needed.
- Managers should prioritise discussing memory integrity during team meetings. Encourage employees to check if this setting is enabled on their devices and provide assistance where needed.
- The IT team should regularly update the operating system to support memory integrity. This may involve scheduling updates and ensuring all devices run the latest software versions.
- HR should inform new hires about the importance of memory integrity during onboarding. Provide a simple guide on checking this setting and where to get help if they are uncertain.
- Procurement should consider memory integrity compatibility when buying new hardware. Ensure new devices have this capability and that it's activated as part of the setup process.
Audit / evidence tips
-
Aska list of devices with memory integrity enabled: Request evidence that shows this security feature is active on all relevant systems
GoodEach entry confirms the feature is enabled with the date it was last checked
-
Askrecent operating system updates schedule: Request records of when updates have been installed across the organisation's devices
GoodA log showing regular updates with the necessary patches to support memory integrity
-
Askstaff training materials about memory integrity: Request the documentation used for training employees on this topic
GoodMaterials that clearly explain the importance of memory integrity and how employees should ensure it's activated
-
Asknew equipment purchase records: Request documentation that includes specifications for new hardware requiring memory integrity
GoodRecords showing that all new devices can enable this feature and that it's part of the purchasing criteria
-
Askonboarding checklists: Request the documentation used during new employee orientation
GoodChecklists that show new hires are informed about this feature and have steps to activate it during their setup
Cross-framework mappings
How ISM-1896 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| Annex A 8.1 | ISM-1896 requires enabling memory integrity functionality as a specific technical safeguard to protect credentials from memory-based atta... | |
E8
| Control | Notes | Details |
|---|---|---|
| handshake Supports (3) expand_less | ||
| E8-RA-ML3.5 | ISM-1896 requires memory integrity functionality to be enabled to harden the OS against in-memory credential theft | |
| E8-RA-ML3.6 | ISM-1896 requires memory integrity functionality to be enabled to reduce the risk of credential theft via memory inspection or kernel tam... | |
| E8-RA-ML3.7 | ISM-1896 requires memory integrity functionality to be enabled to protect credentials from being accessed or altered in memory | |
| link Related (1) expand_less | ||
| E8-RA-ML3.4 | E8-RA-ML3.4 requires memory integrity functionality to mitigate memory-based attacks and unauthorised code execution | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.