ISM-1896 policy ASD Information Security Manual (ISM)

Enable Memory Integrity for Credential Protection

Ensure memory integrity is activated to safeguard credential data.

Preventative ML3 NC OS P ASD Information Security ManualGuidelines for system hardening credentials hardening

record_voice_over

Plain language

This control is about making sure your computer's memory is protected to keep your password and other important data safe. If you don't turn on this feature, hackers might be able to steal sensitive information and misuse it, which could lead to identity theft or financial loss.

01 - Overview

Framework

ASD Information Security Manual (ISM)

Control effect

Preventative

Classifications

NC, OS, P, S, TS

ISM last updated

Nov 2023

Control Stack last updated

19 Mar 2026

E8 maturity levels

ML3

Guideline

Guidelines for system hardening

Section

Authentication hardening

Topic

Protecting Credentials

Official control statement

Memory integrity functionality is enabled.

policy ASD Information Security Manual (ISM) ISM-1896

priority_high

Why it matters

Without memory integrity, credential theft becomes easier, increasing the risk of identity fraud and potential financial losses for the organisation.

settings

Operational notes

Validate Memory Integrity (Core isolation) remains enabled after OS/driver updates, and alert on any setting changes.

02 - Implement

build

Implementation tips

System owners should work with the IT team to enable memory integrity on all computers. This involves accessing system settings and ensuring that the feature is turned on. The IT team can provide step-by-step guidance if needed.
Managers should prioritise discussing memory integrity during team meetings. Encourage employees to check if this setting is enabled on their devices and provide assistance where needed.
The IT team should regularly update the operating system to support memory integrity. This may involve scheduling updates and ensuring all devices run the latest software versions.
HR should inform new hires about the importance of memory integrity during onboarding. Provide a simple guide on checking this setting and where to get help if they are uncertain.
Procurement should consider memory integrity compatibility when buying new hardware. Ensure new devices have this capability and that it's activated as part of the setup process.

03 - Audit

fact_check

Audit / evidence tips

AskA list of devices with memory integrity enabled: Request evidence that shows this security feature is active on all relevant systems GoodEach entry confirms the feature is enabled with the date it was last checked
AskRecent operating system updates schedule: Request records of when updates have been installed across the organisation's devices GoodA log showing regular updates with the necessary patches to support memory integrity
AskStaff training materials about memory integrity: Request the documentation used for training employees on this topic GoodMaterials that clearly explain the importance of memory integrity and how employees should ensure it's activated
AskNew equipment purchase records: Request documentation that includes specifications for new hardware requiring memory integrity GoodRecords showing that all new devices can enable this feature and that it's part of the purchasing criteria
AskOnboarding checklists: Request the documentation used during new employee orientation GoodChecklists that show new hires are informed about this feature and have steps to activate it during their setup

04 - Mappings

link

Cross-framework mappings

How ISM-1896 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.

ISO 27001

Control	Notes	Details
layers Partially meets (1) expand_less
Annex A 8.1	ISM-1896 requires enabling memory integrity functionality as a specific technical safeguard to protect credentials from memory-based atta...

E8

Control	Notes	Details
handshake Supports (3) expand_less
E8-RA-ML3.5	ISM-1896 requires memory integrity functionality to be enabled to harden the OS against in-memory credential theft
E8-RA-ML3.6	ISM-1896 requires memory integrity functionality to be enabled to reduce the risk of credential theft via memory inspection or kernel tam...
E8-RA-ML3.7	ISM-1896 requires memory integrity functionality to be enabled to protect credentials from being accessed or altered in memory
link Related (1) expand_less
E8-RA-ML3.4	E8-RA-ML3.4 requires memory integrity functionality to mitigate memory-based attacks and unauthorised code execution

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.