Dedicated Accounts for Privileged User Activities
Privileged users must have separate accounts for administrative tasks to enhance security.
Plain language
This control is about making sure that people who manage important computer systems use special, dedicated accounts only for tasks that require high-level access. This matters because if these special accounts are misused or compromised, a hacker could gain control of critical systems, leading to data theft, system outages, or financial loss.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Aug 2024
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML1, ML2, ML3
Guideline
Guidelines for personnel security
Official control statement
Privileged users are assigned a dedicated privileged user account to be used solely for duties requiring privileged access.
Why it matters
Without dedicated privileged accounts, a compromised standard user account can be abused for admin actions, enabling data exfiltration and service disruption.
Operational notes
Use separate privileged accounts only for admin tasks; block email/web use on them and monitor logons to detect unauthorised privileged use.
Implementation tips
- IT team should create separate accounts: They need to set up dedicated admin accounts for each user who needs to perform privileged tasks. This can be done by going into the user management settings of your systems and creating new, distinct accounts specifically for admin purposes.
- Managers should establish guidelines: Managers should develop clear usage policies for these privileged accounts. This involves writing down when and how these accounts should be used and sharing this information with those who have access.
- HR should monitor privileged account access: HR should keep a list of which employees have access to privileged accounts and review this regularly. This can be done by conducting a periodic check of access logs and making sure that only the appropriate people have admin access.
- System Owners should review account activity: They need to regularly check the logs to see what activities are done using these accounts. This can be achieved by using logging features within the system to scrutinise account activities and flagging unusual patterns.
- Security team should train staff: They should conduct training sessions to educate users on the importance of using the dedicated accounts properly. This might involve running workshops or using online courses to highlight potential risks and correct behaviours.
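The operational note above (no email/web use on privileged accounts, monitor logons for unauthorised privileged use) and the System Owner tip to flag unusual account activity can be turned into a simple log review. The following is an added example, not code from the ISM or Control Stack; the account names, host names, approved-host register and log line format are all constructed assumptions.

```python
# Added example (not from the ISM page); names and log format are constructed.

# Register of dedicated admin accounts and the hosts they are approved to log
# on from (assumed; a real register would come from the directory service).
PRIVILEGED_ACCOUNTS = {
    "adm-jsmith": {"paw-01", "dc-01"},
    "adm-alee": {"paw-02", "srv-db-01"},
}
# Email/web processes a dedicated admin account should never run.
BLOCKED_PROCESSES = {"outlook.exe", "chrome.exe", "msedge.exe"}


def parse_line(line):
    """Parse a constructed log line: '<ts> account=<a> host=<h> process=<p>'."""
    timestamp, *rest = line.split()
    event = dict(token.split("=", 1) for token in rest)
    event["timestamp"] = timestamp
    return event


def classify(event):
    """Return a finding for misuse of a privileged account, or None."""
    approved_hosts = PRIVILEGED_ACCOUNTS.get(event["account"])
    if approved_hosts is None:
        return None  # standard user account: outside this control's scope
    if event["process"].lower() in BLOCKED_PROCESSES:
        return "privileged account used for email/web"
    if event["host"] not in approved_hosts:
        return "privileged logon from unapproved host"
    return None


def review(lines):
    """Collect (timestamp, account, host, reason) for every flagged line."""
    findings = []
    for line in lines:
        event = parse_line(line)
        reason = classify(event)
        if reason is not None:
            findings.append((event["timestamp"], event["account"], event["host"], reason))
    return findings


# Constructed sample log: approved admin logon, admin logon from a finance
# workstation, admin account opening email, and a standard-user event.
SAMPLE_LOG = [
    "2024-08-01T09:00:00Z account=adm-jsmith host=paw-01 process=mmc.exe",
    "2024-08-01T09:05:00Z account=adm-jsmith host=ws-finance-07 process=mmc.exe",
    "2024-08-01T09:10:00Z account=adm-alee host=paw-02 process=outlook.exe",
    "2024-08-01T09:15:00Z account=jsmith host=ws-finance-07 process=chrome.exe",
]
```

Running `review(SAMPLE_LOG)` returns two findings: the admin logon from the finance workstation and the admin account opening email; the approved logon and the standard-user event are not flagged.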
Audit / evidence tips
- Ask for the list of privileged accounts: request a document that details all privileged accounts and their purpose.
  Good evidence is a list that clearly shows which accounts are specifically set aside for admin tasks.
- Ask for the written policies governing the use of these accounts.
  Good evidence is a policy document that has recent review dates and clear usage instructions.
- Ask to see recent access logs: request logs showing activities performed using privileged accounts over the last few months.
  Good evidence is a set of logs showing regular activity checks and no unexplained access issues.
- Ask for a staff training record: request proof that users have been trained on privileged account use.
  Good evidence includes participant lists and training materials focused on account security.
- Ask for notes from any recent review meeting regarding privileged account usage.
  Good evidence would include meeting notes with clear actions and results.
Cross-framework mappings
How ISM-0445 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | | |
| Annex A 8.2 | ISM-0445 requires organisations to assign privileged users a dedicated privileged account used solely for privileged activities | |
| Partially overlaps (1) | | |
| Annex A 5.3 | Annex A 5.3 requires segregation of conflicting duties so a person cannot perform incompatible activities without detection or independen... | |
E8
| Control | Notes | Details |
|---|---|---|
| Partially overlaps (3) | | |
| Supports (5) | | |
| Related (1) | | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.