Prevent privileged accounts from accessing others' backups
Ensure only backup administrators can access all backup data.
Plain language
This control is about making sure that only the backup administrators can access all the backup data, including those from other privileged accounts. This is important to prevent unauthorised access to sensitive data and to protect it from being tampered with or deleted, which could cause major disruptions to the business.
Framework
ASD Essential Eight
Control effect
Preventative
E8 mitigation strategy
Regular backups
Classifications
N/A
Official last update
N/A
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML2
Official control statement
Privileged accounts (excluding backup administrator accounts) cannot access backups belonging to other accounts.
Why it matters
If privileged accounts can access other users' backups, they can extract sensitive data or delete/alter backups, undermining recovery and causing disruption.
Operational notes
Regularly review backup repository ACLs so only backup administrator accounts can access others' backups; alert on privileged access and verify exemptions.
Implementation tips
- The IT team should identify who the backup administrators are. They need to ensure only these people have access to all backup data by setting specific permissions.
- System administrators should review account permissions regularly. They should ensure that privileged accounts do not have access to backups except for backup administrators.
- The security officer should implement policies that restrict access to backup systems. These policies should clearly state that only backup administrators are allowed such access.
- The IT team should use software tools to enforce these permissions. These tools can manage who has access to sensitive data and ensure compliance with policies.
Audit / evidence tips
-
AskWho has access to the backup data within your system?
-
GoodOnly backup administrators should be listed with access permissions to all backup data. Other privileged accounts should be excluded
-
AskHow do you ensure these restrictions are maintained over time?
-
GoodThere should be records of routine checks and adjustments to access permissions, ensuring ongoing compliance with the control
Cross-framework mappings
How E8-RB-ML2.1 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| Annex A 8.2 | E8-RB-ML2.1 requires a specific privileged-access restriction: privileged accounts (excluding backup administrators) must not be able to ... | |
| handshake Supports (2) expand_less | ||
| Annex A 5.3 | E8-RB-ML2.1 requires separating duties so privileged accounts (other than backup administrators) cannot access other accounts’ backups | |
| Annex A 8.15 | E8-RB-ML2.1 requires enforcing access controls so privileged accounts (excluding backup administrators) cannot access others’ backups | |
ASD ISM
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| ISM-1928 | E8-RB-ML2.1 requires that privileged accounts (except backup administrator accounts) cannot access backups belonging to other accounts ac... | |
| sync_alt Partially overlaps (2) expand_less | ||
| ISM-1706 | ISM-1706 requires that privileged user accounts (excluding backup administrator accounts) cannot access their own backups | |
| ISM-1812 | ISM-1812 requires that unprivileged user accounts cannot access backups belonging to other user accounts | |
| link Related (1) expand_less | ||
| ISM-1705 | ISM-1705 requires that privileged user accounts (excluding backup administrator accounts) cannot access backups belonging to other user a... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.