Restrict Network Management Traffic Origin
Only authorised admin systems should manage network settings, ensuring security and control.
Plain language
This control means that only certain computers or systems that have been approved can make changes to your network settings. This is important because if anyone could change these settings, it could lead to unauthorized access or disruptions in your services, causing potential harm to your business operations.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Feb 2022
Control Stack last updated
19 May 2026
E8 maturity levels
N/A
Guideline
Guidelines for system managementSection
System administrationOfficial control statement
Network management traffic can only originate from administrative infrastructure.
Why it matters
If network management traffic can originate from non-admin systems, attackers can gain device control, change configs, and disrupt routing/switching services.
Operational notes
Allow management protocols only from admin hosts/subnets (e.g., jump hosts) via ACLs and mgmt VLANs; block all other sources and log attempts.
Implementation tips
- IT team should designate specific computers or devices for network management tasks. They can do this by creating a list of approved devices and ensuring only these devices have the necessary software to access network settings.
- System administrators must ensure only authorised personnel use the designated devices. They can achieve this by setting up secure logins on these devices and training staff on proper usage protocols.
- Network managers should regularly update and review permissions for accessing management devices. They can do this by checking who is on the access list every quarter and removing anyone who no longer needs access.
- IT staff should install and maintain security software on all admin systems. This could involve installing antivirus programs and enabling firewalls to protect these systems from external threats.
- Managers should enforce strict policies on where and how admin systems are used. They should ensure that these devices are only used in secure, controlled environments and not for general internet browsing.
Audit / evidence tips
- AskThe list of designated admin systems GoodList is up-to-date with clear, specific entries that match organisational needs
- GoodLog will clearly show authorised access with timestamps and user identities
- AskThe security configuration of admin systems. Review software versions and security settings recorded GoodConfiguration would be current with all necessary security features enabled and documented
- GoodPolicy is comprehensive, outlining specific procedures for staff to follow
Cross-framework mappings
How ISM-1386 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (2) expand_less | ||
| Annex A 8.3 | ISM-1386 requires that network management traffic can only originate from administrative infrastructure | |
| Annex A 8.20 | ISM-1386 requires that network management traffic can only originate from authorised administrative infrastructure | |
| sync_alt Partially overlaps (1) expand_less | ||
| Annex A 8.22 | ISM-1386 requires that network management traffic can only originate from administrative infrastructure | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.