Privileged accounts cannot access their own backups
Ensure accounts with special access cannot view their own backup data.
Plain language
This control is about making sure that users with special access rights, like managers or IT staff, can't see or touch the backup copies of their own files. This is important because if someone managed to break into these privileged accounts, they could alter or delete backup data, making recovery impossible after a security incident.
Framework
ASD Essential Eight
Control effect
Preventative
E8 mitigation strategy
Regular backups
Classifications
N/A
Official last update
N/A
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML3
Official control statement
Privileged accounts (excluding backup administrator accounts) cannot access their own backups.
Why it matters
If privileged accounts can access their own backups, attackers can delete logs, hide breaches, and sabotage recovery using stolen admin credentials.
Operational notes
Limit backup access to designated backup administrator accounts only. Enforce separate credentials, deny self-access, and regularly review backup ACLs and audit logs.
Implementation tips
- WHO: The IT team. WHAT: Set up access controls. HOW: Use software settings to block privileged accounts from accessing their own backup data.
- WHO: The system administrator. WHAT: Implement role-based access restrictions. HOW: Ensure that only designated backup administrators can view the backup data of any accounts.
- WHO: The IT support person. WHAT: Regularly review access logs. HOW: Check that there are no unauthorised attempts from privileged accounts trying to access their own backups.
- WHO: The security officer. WHAT: Conduct training sessions. HOW: Teach employees why it's important to restrict access to backup data and how this helps in preventing data corruption or loss.
Audit / evidence tips
-
AskCan you show how privileged access to backup data is restricted?
GoodAccess controls clearly prevent privileged accounts from accessing their own backups
-
AskWhat measures are in place to prevent unauthorised access?
GoodLogs indicate no instances of privileged accounts accessing their own backups
-
AskHow often are access controls reviewed?
GoodAccess controls are reviewed monthly and any issues are promptly addressed
Cross-framework mappings
How E8-RB-ML3.2 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ASD ISM
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| ISM-1928 | E8-RB-ML3.2 requires privileged accounts (excluding backup administrator accounts) cannot access their own backups to reduce the risk of ... | |
| sync_alt Partially overlaps (1) expand_less | ||
| ISM-1813 | ISM-1813 requires that unprivileged user accounts cannot access their own backup data | |
| handshake Supports (2) expand_less | ||
| ISM-1708 | ISM-1708 requires that backup administrator accounts are prevented from modifying or deleting backups during their retention period | |
| ISM-1811 | E8-RB-ML3.2 mandates that privileged accounts (excluding backup administrator accounts) cannot access their own backups | |
| link Related (1) expand_less | ||
| ISM-1706 | E8-RB-ML3.2 requires that privileged accounts (other than backup administrator accounts) are unable to access their own backups | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.