E8-RB-ML1.6 ASD Essential Eight

Prevent unprivileged accounts from modifying and deleting backups

Ensure non-admin users cannot change or remove backup files.


Plain language

This control is about making sure that regular staff members can't change or delete important backup files. Just think about how bad it would be if a virus or a mistake wiped out all your company's critical data. These backups are your safety net, and you want only trusted staff to have the power to alter them.

Framework

ASD Essential Eight

Control effect

Preventative

E8 mitigation strategy

Regular backups

Classifications

N/A

Official last update

N/A

Control Stack last updated

19 Mar 2026

E8 maturity levels

ML1

Official control statement

Unprivileged accounts are prevented from modifying and deleting backups.

Why it matters

Without this control, insiders or malware could modify or delete backups, preventing recovery after ransomware or outages and causing major data loss.


Operational notes

Restrict backup delete/modify rights to backup admins only; enforce separate accounts/MFA and regularly audit permissions to keep backups immutable.


Implementation tips

  • IT team: Review user permissions on the backup system to ensure that only administrators can modify or delete backup files. Use permission settings in the backup software to enforce this.
  • System administrator: Set up alerts that fire when backup files are accessed or when a modification is attempted. Use available logging features in the backup management tool to monitor access.
  • Security officer: Regularly audit user accounts and their permissions to ensure compliance with backup access policies. Conduct this review quarterly.
  • IT team: Use encryption for backup files so that even if accessed, they cannot be easily modified or corrupted. Set up encryption through the backup system settings.
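
The permission review in the tips above can be scripted when backups sit on a POSIX filesystem. The following is an added example, not part of the control text or any backup product: it assumes plain mode bits (no ACLs, no backup-software role model), and the function name and admin UID/GID sets are hypothetical.

```python
import os
import stat


def audit_backup_tree(root, admin_uids, admin_gids=frozenset()):
    """Return sorted (path, reason) pairs where a non-admin could alter backups."""
    findings = []
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a link's own mode bits grant nothing; skip it
        is_dir = stat.S_ISDIR(st.st_mode)
        # Write access on a directory is what allows deleting or replacing
        # the files inside it, regardless of the files' own mode bits.
        if is_dir and st.st_mode & stat.S_ISVTX:
            effect = "add entries (sticky bit limits deletion to owners)"
        elif is_dir:
            effect = "delete or replace entries"
        else:
            effect = "modify contents"
        # A non-admin owner can always chmod the object and then change it.
        if st.st_uid not in admin_uids:
            findings.append((path, f"owner uid {st.st_uid} is not a backup admin"))
        if st.st_mode & stat.S_IWGRP and st.st_gid not in admin_gids:
            findings.append((path, f"group gid {st.st_gid} can {effect}"))
        if st.st_mode & stat.S_IWOTH:
            findings.append((path, f"any account can {effect}"))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    # Assumption: uid 0 is the only backup administrator on this host.
    for path, reason in audit_backup_tree(sys.argv[1], admin_uids={0}):
        print(f"{path}: {reason}")
```

An empty result covers only filesystem mode bits; permissions granted inside the backup software or through ACLs still need their own review.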

Audit / evidence tips

  • Ask: What measures are in place to prevent non-admin users from modifying backups?
  • Good: Logs show that only admin accounts have write permissions on backups, and logs are routinely checked for unauthorised access attempts
  • Ask: How often are user permissions reviewed?
  • Good: Permissions for backup access are reviewed every three months, with documented outcomes

Cross-framework mappings

How E8-RB-ML1.6 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.

ISO 27001

Control: Notes

Supports (2)
Annex A 5.33: Annex A 5.33 requires records to be protected against loss, destruction, falsification, unauthorised access and unauthorised release
Annex A 8.13: E8-RB-ML1.6 requires that unprivileged accounts are prevented from modifying and deleting backups

Related (1)
Annex A 5.15: Annex A 5.15 requires access control policies and procedures that govern who can access and change information and systems

ASD ISM

Control: Notes

Partially meets (1)
ISM-1811: E8-RB-ML1.6 requires that unprivileged accounts are prevented from modifying and deleting backups

Partially overlaps (3)
ISM-1707: E8-RB-ML1.6 requires that unprivileged accounts are prevented from modifying and deleting backups
ISM-1708: E8-RB-ML1.6 requires that unprivileged accounts are prevented from modifying and deleting backups
ISM-1928: E8-RB-ML1.6 requires that unprivileged accounts are prevented from modifying and deleting backups

Related (1)
ISM-1814: E8-RB-ML1.6 requires that unprivileged accounts are prevented from modifying and deleting backups

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
