Use Jump Servers for Administrative Activities
Ensure all admin tasks are done through safer, intermediary servers to enhance security.
Plain language
A jump server is like an extra secure bridge that your IT team uses to safely access the main systems they need to manage. By making sure all admin tasks go through these special servers, you're adding a strong layer of protection against cyber criminals. Without this, hackers could more easily access the sensitive parts of your business systems, leading to data breaches or disruptions.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Aug 2021
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML2, ML3
Guideline
Guidelines for system management
Section
System administration
Official control statement
Administrative activities are conducted through jump servers.
Why it matters
Without jump servers, admin credentials traverse many hosts, increasing exposure to credential theft and enabling attacker lateral movement.
Operational notes
Monitor jump server access logs for unauthorised use, restrict admin tools to the jump host, and enforce MFA for all privileged sessions.
Implementation tips
- The IT team should set up dedicated jump servers. They should be configured to only allow access from authorised personnel using strong passwords or passphrases. This could involve setting up secure connections like VPNs or specific network rules that route admin traffic through the jump server.
- System administrators should conduct training sessions for all relevant staff on how to use the jump servers. The training should include login procedures and why using these servers is essential for security. Use clear guides and practical demonstrations so everyone understands.
- Managers should enforce policies requiring all administrative activities to go through the designated jump servers. Clearly communicate this policy through company emails and include it in any relevant staff training materials. Compliance can be tracked by monitoring system logs.
- IT security specialists should regularly monitor and audit the use of jump servers to ensure they are used correctly. This includes reviewing access logs to check for any suspicious activity, and confirming that all admin traffic is correctly routed through the jump servers.
- Once set up, the cyber security officer should periodically review the jump server setup against the latest Australian Cyber Security Centre (ACSC) guidelines to ensure they remain compliant with best practices. Updates might be needed to reflect changes in the threat landscape or organisational structure.
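One way to carry out the routing check described in the monitoring tip above, shown as an added example that is not part of the ISM or of this page's original text. It scans firewall flow records for admin-protocol connections to managed hosts that did not originate from a jump server. The CSV log layout, the jump server address, the managed subnet and the admin port list are all assumptions made for illustration.

```python
import csv
import io
import ipaddress

# Assumed values for illustration; replace with your own environment's.
JUMP_SERVERS = {ipaddress.ip_address("10.0.50.10")}
MANAGED_NET = ipaddress.ip_network("10.0.20.0/24")
ADMIN_PORTS = {22: "SSH", 3389: "RDP", 5985: "WinRM", 5986: "WinRM-TLS"}

# Constructed sample flow records: time, source, destination, dest port, action
SAMPLE_LOG = """\
2026-03-19T01:02:03Z,10.0.50.10,10.0.20.5,22,ALLOW
2026-03-19T01:05:10Z,10.0.30.77,10.0.20.5,3389,ALLOW
2026-03-19T01:06:00Z,10.0.30.77,10.0.20.9,443,ALLOW
2026-03-19T01:07:42Z,10.0.30.80,10.0.20.9,22,DENY
2026-03-19T01:09:15Z,10.0.20.5,10.0.20.9,5985,ALLOW
"""

def find_bypasses(log_text):
    """Return admin-protocol flows to managed hosts that skipped the jump server."""
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip malformed lines rather than abort the audit
        ts, src, dst, dport, action = (field.strip() for field in row)
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue
        if dst_ip not in MANAGED_NET or port not in ADMIN_PORTS:
            continue  # not admin traffic to a managed host
        if src_ip in JUMP_SERVERS:
            continue  # correctly routed through the jump server
        # ALLOW means the network permits direct admin access (a control gap);
        # DENY means the rule held but a bypass was attempted.
        severity = "gap" if action.upper() == "ALLOW" else "attempt"
        findings.append({"time": ts, "src": src, "dst": dst,
                         "proto": ADMIN_PORTS[port], "severity": severity})
    return findings

if __name__ == "__main__":
    for finding in find_bypasses(SAMPLE_LOG):
        print(finding)
```

The last sample record is flagged because its source is itself a managed host, which is the host-to-host admin traffic the control is meant to prevent.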
Audit / evidence tips
- Ask: the network architecture diagram showing jump server placement. Request a diagram that illustrates where jump servers are positioned in relation to other systems.
  Good: a clear diagram showing all admin access is routed exclusively via jump servers.
- Ask: access logs from the jump server. Request logs that detail who has accessed the jump server and when.
  Good: logs that show consistent use by authorised admin staff only, without unexplained gaps or anomalies.
- Ask: the server configuration policy document. Request documentation that outlines the configuration and security settings of the jump servers.
  Good: includes completed checklists or certificates from recent hardening assessments.
- Ask: staff training records related to jump server use. Request evidence of training sessions held for admin staff on using jump servers.
  Good: includes dated records showing recent and regular training sessions with all relevant staff listed as attendees.
- Ask: a policy document that mandates the use of jump servers for admin tasks. Request to see the official company policy document.
  Good: a well-documented, easily accessible policy that includes a clear requirement for all admin activities to use jump servers.
Cross-framework mappings
How ISM-1387 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
E8
| Control | Notes | Details |
|---|---|---|
| Partially overlaps (1) | | |
| E8-RA-ML3.2 | ISM-1387 requires that administrative activities are conducted through jump servers | |
| Supports (3) | | |
| E8-RA-ML1.5 | E8-RA-ML1.5 requires privileged users to use separate privileged and unprivileged operating environments to reduce exposure of admin acti... | |
| E8-RA-ML1.6 | E8-RA-ML1.6 requires that unprivileged accounts are prevented from logging on to privileged operating environments | |
| E8-RA-ML3.3 | ISM-1387 requires that administrative activities are conducted through jump servers | |
| Related (1) | | |
| E8-RA-ML2.4 | ISM-1387 requires that administrative activities are conducted through jump servers | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.