Privileged environments are not virtualised within unprivileged environments
Ensure that secure environments are not run within less secure ones.
Plain language
This control is about making sure that our secure computer environments aren’t run within less secure ones. Imagine putting a secure, locked box inside a flimsy, open one. If someone breaks into the outer box, they could easily get into the inner one. This control keeps our most important parts of the system safe from prying eyes and potential attacks.
Framework
ASD Essential Eight
Control effect
Preventative
E8 mitigation strategy
Restrict administrative privileges
Classifications
N/A
Official last update
N/A
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML2
Official control statement
Privileged operating environments are not virtualised within unprivileged operating environments.
Why it matters
Running privileged VMs inside unprivileged hosts increases the chance a host compromise leads to privileged environment takeover and data exposure.
Operational notes
Audit hypervisor and VM configs to ensure privileged environments are never nested or hosted within unprivileged environments; remediate any exceptions found.
Implementation tips
- The IT team should identify all current instances where privileged environments might be run within unprivileged environments by conducting a thorough review of the virtualisation setups across the organisation.
- The system administrator should ensure that separate virtual machines are used for privileged environments, thereby preventing them from being nested within less secure environments. This can be achieved by configuring servers to run different virtual machines based on user privilege levels.
- Security officers should regularly review virtualisation practices to ensure compliance with security policies. They can do this by scheduling monthly audits of virtual machine configurations.
- The IT manager should establish a policy that mandates the separation of privileged and unprivileged virtual environments. This can be done by updating the organisation's IT security policy and distributing it to all relevant personnel.
Audit / evidence tips
- AskWhat measures are in place to ensure that privileged environments are not virtualised within unprivileged environments?
- GoodConfigurations ensure privileged environments are separate, with documented policies and regular checks in place to maintain separation
Cross-framework mappings
How E8-RA-ML2.3 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| handshake Supports (1) expand_less | ||
| Annex A 8.31 | Annex A 8.31 requires organisations to separate and secure development, test and production environments | |
ASD ISM
| Control | Notes | Details |
|---|---|---|
| handshake Supports (5) expand_less | ||
| ISM-1380 | E8-RA-ML2.3 requires that privileged operating environments are not virtualised within unprivileged operating environments to maintain st... | |
| ISM-1400 | ISM-1400 requires enforced separation of classified data and personal data on privately-owned devices accessing OFFICIAL: Sensitive or PR... | |
| ISM-1461 | ISM-1461 requires same-classification and same-security-domain co-tenancy when virtualising SECRET or TOP SECRET environments on shared p... | |
| ISM-1689 | E8-RA-ML2.3 requires that privileged operating environments are not virtualised within unprivileged operating environments to avoid expos... | |
| ISM-1958 | E8-RA-ML2.3 mandates that privileged environments are not virtualised within unprivileged environments to reduce admin context exposure | |
| link Related (1) expand_less | ||
| ISM-1687 | E8-RA-ML2.3 requires that privileged operating environments are not virtualised within unprivileged operating environments to prevent pri... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.