Enable Remote Credential Guard for Credential Protection
Activating Remote Credential Guard helps prevent unauthorised access to security credentials.
Plain language
Activating Remote Credential Guard is like locking up your sensitive keys to make sure only the right people get to use them. This helps prevent someone from sneaking in and accessing your secure information, which could lead to data breaches or financial loss.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Nov 2023
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML3
Guideline
Guidelines for system hardeningSection
Authentication hardeningTopic
Protecting CredentialsOfficial control statement
Remote Credential Guard functionality is enabled.
Why it matters
Without Remote Credential Guard, RDP logons can expose reusable credentials, enabling credential theft and lateral movement across Windows hosts.
Operational notes
Enforce Remote Credential Guard via Group Policy for all RDP clients/hosts and confirm RDP settings do not permit fallback to standard credential delegation.
Implementation tips
- IT team should review current remote access policies: They need to identify all systems where credential protection is essential, focusing on those accessed remotely. Ensure these systems have Remote Credential Guard enabled by checking settings in the system configuration.
- System administrators should enable Remote Credential Guard on Windows devices: This involves accessing group policy settings on each device and activating the Remote Credential Guard feature. Follow Microsoft's step-by-step guide to configure this correctly.
- IT team should conduct a test: After enabling, run remote access scenarios to confirm that Remote Credential Guard activates when expected. Use a test environment to safely verify configurations work as intended before full deployment.
- Managers should communicate the change to all relevant staff: Explain why this change is important and how it enhances security. Provide simple guidance on any new steps for remote access they should follow or be aware of.
- IT security officer should document the activation process: Keep records of configurations, systems affected, and who verified the setup. This documentation will be useful for audits and future troubleshooting.
Audit / evidence tips
- AskThe list of systems where Remote Credential Guard is enabled: Request documentation listing all applicable systems and their current configuration status GoodShows all high-risk systems clearly identified with confirmed activation
- AskTo see a live or recorded demonstration illustrating how credentials are protected during remote access sessions GoodIncludes clear evidence of its operation during remote login attempts
- AskRecords of configuration changes: Obtain change logs or records documenting when and by whom Remote Credential Guard was enabled GoodShows timely implementation, with IT personnel names and dates clearly indicated
- AskEmails, memos, or training documents related to Remote Credential Guard activation GoodIncludes easy-to-understand communication explaining the change and any necessary actions by staff
- GoodIncludes successful test results demonstrating operational functionality without negatively impacting user access
Cross-framework mappings
How ISM-1897 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.
E8
| Control | Notes | Details |
|---|---|---|
| sync_alt Partially overlaps (2) expand_less | ||
| E8-RA-ML3.5 | ISM-1897 requires enabling Remote Credential Guard to limit credential exposure when users access systems remotely | |
| E8-RA-ML3.6 | ISM-1897 requires enabling Remote Credential Guard to prevent exposure of credentials during remote connections | |
| link Related (1) expand_less | ||
| E8-RA-ML3.7 | ISM-1897 requires that Remote Credential Guard functionality is enabled to protect credentials during remote authentication | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.