Use Secure Admin Workstations for Administrative Tasks
Conduct admin activities on secure, dedicated workstations only.
Plain language
This control is all about making sure that people who manage and oversee important computer systems do their work on special, secure computers. It's crucial because if these administrative tasks are done on regular, less secure computers, there is a greater risk that malicious software or hackers could access and take control of these sensitive systems.
Framework
ASD Essential Eight
Control effect
Preventative
E8 mitigation strategy
Restrict administrative privileges
Classifications
N/A
Official last update
N/A
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML3
Official control statement
Secure Admin Workstations are used in the performance of administrative activities.
Why it matters
Without secure admin workstations, attackers can hijack admin sessions during privileged tasks, enabling domain-wide compromise and rapid lateral movement.
Operational notes
Confirm admin workstations are dedicated and isolated from user networks; regularly validate hardening, patching and application controls to prevent configuration drift.
Implementation tips
- The IT team should set up dedicated admin workstations by selecting computers with the latest security features and no unnecessary software installed.
- System administrators should ensure these workstations are only used for administrative tasks by configuring network permissions that prevent non-admin tasks.
- Security officers should regularly update the security software on these admin workstations through automated patches to keep them secure from known vulnerabilities.
- IT support staff should provide training for administrative staff on how to use these dedicated workstations effectively and safely, including guidance on recognising phishing attempts.
- The IT team should monitor the network to ensure that these admin workstations are not being used for other purposes, like browsing the web or checking personal emails.
Audit / evidence tips
-
AskAre there dedicated secure workstations set up for administrative tasks?
-
GoodThere should be a clear list and physical or digital distinction of machines used solely for administrative activities, supported by documentation
-
AskHow is the security of these workstations maintained and updated?
-
GoodRegular and recent updates are applied, with records showing a consistent schedule of patch management
Cross-framework mappings
How E8-RA-ML3.2 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ASD ISM
| Control | Notes | Details |
|---|---|---|
| sync_alt Partially overlaps (3) expand_less | ||
| ISM-0445 | ISM-0445 requires privileged users to have a dedicated privileged account used only for privileged tasks | |
| ISM-1387 | ISM-1387 requires that administrative activities are conducted through jump servers | |
| ISM-1750 | E8-RA-ML3.2 requires privileged administration to be performed from Secure Admin Workstations, separating admin activity from general use... | |
| handshake Supports (4) expand_less | ||
| ISM-1385 | E8-RA-ML3.2 requires administrative activities to be performed only from Secure Admin Workstations (SAWs) | |
| ISM-1731 | ISM-1731 requires planning and coordination of intrusion remediation to be conducted on a separate system from the compromised environment | |
| ISM-1827 | ISM-1827 requires domain controllers to be administered using dedicated domain administrator accounts that are not reused for other admin... | |
| ISM-1953 | ISM-1953 requires strong, unique and managed credentials for the built-in Administrator account in each domain | |
| extension Depends on (3) expand_less | ||
| ISM-0843 | E8-RA-ML3.2 requires administrative activities to be performed only from Secure Admin Workstations (SAWs) to reduce exposure to malware a... | |
| ISM-1341 | E8-RA-ML3.2 requires privileged administration to be conducted from Secure Admin Workstations to reduce compromise pathways | |
| ISM-1406 | E8-RA-ML3.2 requires administrative activities to be performed only from Secure Admin Workstations (dedicated, hardened endpoints) | |
| link Related (1) expand_less | ||
| ISM-1898 | ISM-1898 requires Secure Admin Workstations to be used when performing administrative activities to reduce exposure of privileged actions... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.