Training for Gateway System Administrators
Gateway system admins must be formally trained to operate and manage the gateways effectively.
Plain language
This control ensures that people responsible for managing gateway systems are properly trained. It's important because, without the right training, system administrators might not handle the gateways effectively, leading to security vulnerabilities that could let hackers exploit the systems.
Framework
ASD Information Security Manual (ISM)
Control effect
Proactive
Classifications
NC, OS, P, S, TS
ISM last updated
Feb 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
System administrators for gateways are formally trained on the operation and management of gateways.
Why it matters
Inadequately trained gateway admins increase the risk of configuration errors, leading to unintentional exposure of sensitive data and potential system compromise.
Operational notes
Maintain formal gateway admin training with refresher cycles; include rule changes, logging/monitoring, patching, and secure configuration of gateway features.
Implementation tips
- System administrators should attend formal training courses specifically focused on managing and maintaining gateway systems. They can enrol in workshops or courses provided by recognised organisations like the ACSC (Australian Cyber Security Centre) to ensure they get up-to-date knowledge.
- Managers should organise regular refresher training sessions for system administrators. This can be done annually or biannually, using online courses or in-house training sessions, to keep everyone informed of any new developments in gateway technology.
- Supervisors should create a skills assessment checklist for all gateway system administrators. By evaluating current skills and knowledge against the needs of the system, they can identify gaps and arrange targeted training sessions.
- HR departments should maintain records of all gateway training sessions attended by system administrators. This includes details about the provider, date, and content of the training to ensure compliance and readiness.
- IT teams should facilitate group learning sessions where system administrators can share experiences and strategies for managing gateways. Encourage administrators to discuss challenges and solutions, fostering peer-to-peer learning and collaboration.
Audit / evidence tips
- Ask: the training records of each gateway system administrator
  Good: includes certificates from reputable training providers and recent completion dates
- Good: list shows regular and diverse training relevant to the specific gateway systems in use
- Ask: feedback collected from system administrators about their training sessions. Evaluate any reported gaps or suggestions for further training. Positive feedback and actionable improvements suggest effective training programs
Cross-framework mappings
How ISM-0612 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | | |
| Annex A 6.3 | ISM-0612 requires that system administrators for gateways are formally trained on the operation and management of those gateways | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.