Prevent Virtualisation of Privileged Environments
Privileged environments must not be virtualised within non-privileged ones to ensure security.
Plain language
This control means that parts of your computer systems that need the highest security should not be placed within less secure environments on the same system. This is important because if the secure parts aren't kept separate, it's easier for cybercriminals to get in and access sensitive information, potentially causing harm to your business and your reputation.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Aug 2021
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML2, ML3
Guideline
Guidelines for system management
Section
System administration
Official control statement
Privileged operating environments are not virtualised within unprivileged operating environments.
Why it matters
If privileged environments run as virtual machines inside unprivileged operating environments, a compromise of the unprivileged host or its hypervisor can capture admin credentials and enable full system takeover.
Operational notes
Confirm privileged workstations/servers are not hosted as guests on unprivileged systems; review hypervisor inventories and alert on new VMs containing admin tools or accounts.
Implementation tips
- The IT team should ensure that any system configured with high-level security settings is kept separate from less secure areas of the network. They can do this by using different physical or virtual servers dedicated only to secure environments.
- System administrators should review system architecture to ensure that none of their critical applications are running within unprotected areas of the network. This involves examining where these applications are hosted and ensuring that they are only deployed in secure areas.
- The organisation's security officer should create a clear policy that outlines what constitutes a privileged environment and how these should be handled. This policy should be distributed and explained to relevant staff to ensure understanding.
- IT managers should conduct regular training sessions to inform staff about the importance of maintaining separate environments for secure data. This could involve workshops or online modules that explain the risks of poor separation.
- The IT team should implement monitoring tools to alert them if any secure environments are mistakenly placed within less secure ones. They should look for tools that provide real-time alerts so issues can be addressed immediately.
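The inventory review in the operational notes and the monitoring in the last tip can be run as a scheduled check over an exported hypervisor inventory. The following is an added example, not part of the ISM or of any product: the host and guest names, tier labels, admin tool names and account prefixes are constructed assumptions to replace with your own.

```python
from dataclasses import dataclass, field

# Assumed markers of an admin environment; replace with your own tools and naming.
ADMIN_TOOLS = {"rsat", "ad-admin-center", "vsphere-client"}
ADMIN_ACCOUNT_PREFIXES = ("adm-", "da-")

@dataclass
class Guest:
    name: str
    host: str
    tier: str  # "privileged", "unprivileged", or "" when unclassified
    software: set = field(default_factory=set)
    accounts: set = field(default_factory=set)

def looks_privileged(guest):
    """Heuristic for unclassified or mislabelled guests: admin tools or accounts present."""
    has_tool = bool({s.lower() for s in guest.software} & ADMIN_TOOLS)
    has_account = any(a.lower().startswith(ADMIN_ACCOUNT_PREFIXES) for a in guest.accounts)
    return has_tool or has_account

def find_violations(host_tiers, guests):
    """Return (guest, host, reason) for privileged guests not on a privileged host."""
    findings = []
    for g in guests:
        host_tier = host_tiers.get(g.host, "unknown")  # unlisted hosts are not trusted
        if host_tier == "privileged":
            continue
        if g.tier == "privileged":
            findings.append((g.name, g.host, f"privileged guest on {host_tier} host"))
        elif looks_privileged(g):
            findings.append((g.name, g.host, f"admin tools/accounts in guest on {host_tier} host"))
    return findings

# Constructed sample inventory.
HOST_TIERS = {"hv-admin-01": "privileged", "hv-corp-01": "unprivileged",
              "wks-user-17": "unprivileged"}
GUESTS = [
    Guest("paw-01", "hv-admin-01", "privileged", {"rsat"}, {"adm-jlee"}),     # compliant
    Guest("paw-02", "wks-user-17", "privileged", {"rsat"}, {"adm-jlee"}),     # violation
    Guest("build-09", "hv-corp-01", "unprivileged", {"git"}, {"svc-build"}),  # compliant
    Guest("test-vm", "hv-corp-01", "", {"RSAT"}, {"jlee"}),                   # unlabelled, admin tool
    Guest("jump-03", "hv-lab-02", "privileged"),                              # host not in inventory
]

if __name__ == "__main__":
    for name, host, reason in find_violations(HOST_TIERS, GUESTS):
        print(f"ALERT {name} on {host}: {reason}")
```

Hosts missing from the tier map are treated as untrusted, so an incomplete inventory produces an alert instead of a silent pass.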
Audit / evidence tips
- Ask: a network architecture diagram. Request a document that shows how the network is laid out, with clear markings for secure and unsecure areas
  Good: diagram will show clear boundaries and separate infrastructure for privileged environments
- Ask: system configuration policies. Request the written policies that describe how systems should be configured and where they should be placed
  Good: policy is clear, specific, and has been recently updated
- Ask: log outputs from any monitoring tools used to track system configurations
  Good: log will have regular checks and prompt corrective actions when issues are identified
- Ask: training records. Request evidence of training sessions conducted with IT staff and administrators
  Good: record will show regular sessions and comprehensive content involving all relevant staff
- Ask: records of any incidents where configurations did not meet policy standards
  Good: record shows thorough investigation and resolution with lessons learned applied
Cross-framework mappings
How ISM-1687 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
E8
| Control | Notes | Details |
|---|---|---|
| Supports (2) | | |
| E8-RA-ML1.5 | E8-RA-ML1.5 requires privileged users to use separate privileged and unprivileged operating environments | |
| E8-RA-ML1.6 | E8-RA-ML1.6 requires that unprivileged accounts cannot logon to privileged operating environments | |
| Related (1) | | |
| E8-RA-ML2.3 | E8-RA-ML2.3 requires that privileged operating environments are not virtualised within unprivileged operating environments to prevent pri... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.