Disable SMBv1 Protocol on Networks
Ensure SMB version 1 is not active on network systems to enhance security.
Plain language
Disabling the SMB version 1 protocol on your network means turning off an old way computers used to share files with each other. This matters because keeping it on is like leaving the back door open; cyber attackers can use it to get into your systems and steal or damage your information.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Aug 2024
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for networking
Section
Network design and configuration
Official control statement
SMB version 1 is not used on networks.
Why it matters
Leaving SMBv1 enabled allows attackers to exploit known vulnerabilities for data theft, disruption or ransomware attacks.
Operational notes
Regularly verify SMBv1 is disabled on all hosts; enforce via GPO/baselines and audit to prevent re-enablement.
Implementation tips
- The IT team should disable SMB version 1 on all network systems. To do this, they need to update each system's settings or use a central network management tool to turn off this feature network-wide.
- Managers should ensure their teams are aware of this change in file-sharing methods. They can do this by communicating the new processes for file sharing that replace the old methods relying on SMB version 1.
- The system administrator should review current software and devices that might still use SMB version 1. They should list these items and explore alternatives or updates that support newer, more secure versions of the protocol.
- The IT team should conduct a network scan to detect any instance of SMB version 1 still in use. This can be done using network security software that identifies outdated protocols and advises on necessary adjustments.
- Managers and office staff should be trained on why SMB version 1 is being disabled and what new practices they should adopt instead. This can be done through brief training sessions or circulating simple guides and checklists.
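An added example of the per-host verification and remediation step above, written for this page and not taken from the ISM or the Control Stack: a PowerShell script that audits a Windows host for the server-side SMBv1 switch, the SMB1 client driver, the SMB1Protocol optional feature and any live SMB1 sessions, appends the result to a CSV for the evidence file, and only disables SMBv1 when run with -Remediate. It assumes Windows 8.1 / Server 2012 R2 or later, an elevated session, and the evidence path is a placeholder.

```powershell
# Added example, not part of the ISM control text: audit (and optionally disable)
# SMBv1 on one Windows host. Assumes Windows 8.1/Server 2012 R2 or later with the
# SmbShare and Dism modules, run from an elevated PowerShell session.
[CmdletBinding()]
param(
    [switch]$Remediate,                                 # read-only audit unless set
    [string]$EvidenceCsv = "$env:TEMP\smb1-audit.csv"   # assumed evidence path
)

function Get-Smb1Status {
    # Server side: the SMB server's SMB1 switch (the setting a GPO/baseline enforces)
    $server = Get-SmbServerConfiguration
    # Client side: the mrxsmb10 kernel driver is the SMB1 client implementation
    $drv = Get-CimInstance Win32_SystemDriver -Filter "Name='mrxsmb10'"
    # Windows optional feature that ships both SMB1 components
    $feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    # Live evidence: any inbound session or outbound connection negotiated at dialect 1.x
    $s1 = @(Get-SmbSession -ErrorAction SilentlyContinue | Where-Object Dialect -like '1.*')
    $c1 = @(Get-SmbConnection -ErrorAction SilentlyContinue | Where-Object Dialect -like '1.*')

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        Checked            = (Get-Date).ToString('s')
        ServerSmb1Enabled  = [bool]$server.EnableSMB1Protocol
        ClientDriverStart  = if ($drv) { $drv.StartMode } else { 'NotPresent' }
        FeatureState       = if ($feat) { [string]$feat.State } else { 'NotPresent' }
        ActiveSmb1Sessions = $s1.Count + $c1.Count
    }
}

function Disable-Smb1 {
    # Turn off the SMB1 server protocol immediately
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # Remove the optional feature (client and server); completes after a reboot
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    # Stop the SMB1 client driver loading and drop the workstation service's dependency on it
    sc.exe config mrxsmb10 start= disabled | Out-Null
    sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
}

$status = Get-Smb1Status
$status | Format-List
$status | Export-Csv -Path $EvidenceCsv -NoTypeInformation -Append

# Non-compliant if the server switch is on, the client driver could still load, or SMB1 is in use
$nonCompliant = $status.ServerSmb1Enabled -or
                ($status.ClientDriverStart -notin 'Disabled', 'NotPresent') -or
                ($status.ActiveSmb1Sessions -gt 0)
if ($nonCompliant -and $Remediate) { Disable-Smb1; Write-Warning 'SMBv1 disabled; reboot to finish feature removal.' }
elseif ($nonCompliant)             { Write-Warning 'SMBv1 still present; rerun with -Remediate or enforce via GPO.' }
```

Run it read-only across the fleet first (for example through a remoting or endpoint-management job) so the CSV shows which hosts and which live sessions still depend on SMBv1 before anything is switched off.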
Audit / evidence tips
- Ask: the network configuration report. Request a report showing the protocol settings for the organisation's network systems. Look to check that SMB version 1 is not active on any system.
  Good: a report showing all systems with only supported versions of the SMB protocol enabled.
- Ask: a list of software and devices that used SMB version 1. Request documentation that lists any systems or devices previously using SMB version 1. Look to ensure all listed items have been updated or replaced.
  Good: includes confirmation of updates or replacements, with no item relying on SMB version 1.
- Ask: network scan results. Request the latest scan report detailing network settings and protocol use.
  Good: a clear report indicating all systems are compliant with updated SMB protocols.
- Ask: about communication plans. Request records of how the organisation communicated changes about SMB version 1 to staff.
  Good: includes detailed communication efforts ensuring all staff understand the changes.
- Ask: training records. Request documents showing staff training on the new file-sharing methods. Look to see if all relevant staff attended the training and understood the changes.
  Good: complete attendance records and feedback demonstrating staff understanding of the new protocols.
Cross-framework mappings
How ISM-1962 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
Partially meets (2)
| Control | Notes |
|---|---|
| Annex A 8.20 | ISM-1962 requires SMB version 1 to not be used on organisational networks by disabling the legacy SMBv1 protocol |
| Annex A 8.21 | ISM-1962 requires SMB version 1 to not be used on networks, reducing exposure to known weaknesses in legacy file-sharing services |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.