diff --git a/windows/hardening/03-kernel-credential.ps1 b/windows/hardening/03-kernel-credential.ps1
index d72e833..4faff17 100644
--- a/windows/hardening/03-kernel-credential.ps1
+++ b/windows/hardening/03-kernel-credential.ps1
@@ -33,6 +33,6 @@ New-Item $ki -Force | Out-Null
 Set-ItemProperty $ki -Name DeviceEnumerationPolicy -Type DWord -Value 0   # block until authorized
 
 # TODO-M1: confirm msinfo32 reports VBS=Running + Credential Guard + HVCI after reboot;
-#          confirm whether Kernel DMA Protection shows On (IVRS bit) — open question §8.
+#          confirm whether Kernel DMA Protection shows On (IVRS bit) -- open question §8.
 
 Write-Host '   [D] policy set (VBS/HVCI/CredGuard/LSA-PPL/DMA). Effective after reboot.'