Secure Management Paths for Network Gateways
Gateways are managed separately from any networks they are connected to, to ensure security.
Plain language
This control is about keeping network gateways, which help manage internet traffic in and out of your business, secure by ensuring they are maintained separately from the rest of your computer network. If this isn't done, a malicious attack on your network could easily spread to your gateways, causing potential data breaches or system downtime.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Feb 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
Gateways are managed via a secure path isolated from all connected networks.
Why it matters
Without an isolated secure management path, attackers from connected networks can access gateway admin interfaces, leading to compromise and outages.
Operational notes
Regularly confirm gateway management is isolated (OOB/VLAN), restrict admin access, and block management ports from all connected networks.
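One way to run the recurring isolation check described above, as an added example that is not part of the ISM or of any gateway product: it flags allow rules that let sources outside the management subnet reach management ports, and admin logins that came from outside that subnet. The subnet, port set, rule format and log records are constructed assumptions, and the check is IPv4 only.

```python
import ipaddress

# Assumptions for this example (none of these values come from the ISM).
MGMT_NET = ipaddress.ip_network("10.99.0.0/24")  # dedicated management subnet
MGMT_PORTS = {22, 443, 161}                      # SSH, HTTPS admin UI, SNMP

# Constructed sample: inbound rules protecting the gateway's own interfaces.
RULES = [
    {"id": 1, "action": "allow", "src": "10.99.0.0/24", "ports": {22, 443}},
    {"id": 2, "action": "allow", "src": "192.168.10.0/24", "ports": {443}},
    {"id": 3, "action": "allow", "src": "0.0.0.0/0", "ports": {500, 4500}},
    {"id": 4, "action": "allow", "src": "10.0.0.0/8", "ports": {161}},
    {"id": 5, "action": "deny", "src": "0.0.0.0/0", "ports": {22, 443, 161}},
]

# Constructed sample: (timestamp, account, source address) of admin logins.
LOGINS = [
    ("2026-03-01T02:14:09Z", "netops1", "10.99.0.15"),
    ("2026-03-02T11:40:51Z", "netops2", "192.168.10.44"),
]

def exposed_management_rules(rules, mgmt_net=MGMT_NET, mgmt_ports=MGMT_PORTS):
    """Return (id, src, ports) for allow rules that open a management port
    to any source not wholly inside the management subnet.

    Rule order is ignored on purpose: a shadowed allow rule is still
    reported, because it becomes live as soon as the rule above it changes.
    """
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue
        ports = sorted(rule["ports"] & mgmt_ports)
        src = ipaddress.ip_network(rule["src"])
        # subnet_of() is True only if every source address is in mgmt_net,
        # so a supernet such as 10.0.0.0/8 is treated as exposed.
        if ports and not src.subnet_of(mgmt_net):
            findings.append((rule["id"], rule["src"], ports))
    return findings

def logins_outside_management(logins, mgmt_net=MGMT_NET):
    """Return admin login records whose source is outside the management subnet."""
    return [rec for rec in logins if ipaddress.ip_address(rec[2]) not in mgmt_net]

if __name__ == "__main__":
    for finding in exposed_management_rules(RULES):
        print("rule exposes management port:", finding)
    for record in logins_outside_management(LOGINS):
        print("admin login from non-management source:", record)
```
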
Implementation tips
- The IT team should set up a separate management network for gateways. This involves creating a dedicated network space that is used only for managing gateways, so that the gateways cannot be accessed from the main business network.
- The system owner should ensure all gateway management is conducted from secure and authorised devices only. This means using computers that are specially approved and equipped with up-to-date security measures to access the gateways.
- The manager should establish clear policies on who can access the secure management paths. Document a list of personnel authorised to manage the gateways and ensure this list is kept up to date and reviewed regularly.
- The IT team should regularly test the security of the management paths. Conduct security audits by simulating common attack scenarios to ensure that the management paths are adequately protected and cannot be easily breached.
- The procurement team should choose gateway management tools that support isolation. This means selecting software solutions that have built-in features for separating management functions from main network activities.
Audit / evidence tips
- Ask: network diagrams showing the separation of management paths: Request updated diagrams that outline how management paths are kept separate from the main network
  Good: clear, highlighted paths showing physical or virtual separation
- Ask: access logs to the secure management paths: Request logs of who accessed the management paths and when
- Ask: the list of authorised personnel: Request the documented list of people allowed to manage the gateways
- Ask: the security audit reports of management paths: Request the most recent reports from security assessments of the gateways
- Ask: documentation of gateway management tools selection: Request records of the criteria used for selecting gateway management tools
  Good: documented criteria with clear emphasis on secure management requirements
Cross-framework mappings
How ISM-1774 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | | |
| Annex A 8.20 | ISM-1774 requires gateways to be managed via a secure management path that is isolated from all connected networks | |
| Partially overlaps (1) | | |
| Annex A 8.22 | ISM-1774 requires gateways to be managed over a secure path isolated from networks the gateway connects to (i.e., separation of the manag... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.