ISM-1842: ASD Information Security Manual (ISM)

Use Privileged Accounts for Domain Machine Addition

Special accounts are used for adding computers to the network for security purposes.

Plain language

This control is about using special accounts with extra privileges to add computers to your network. It's like having a trusted person to do the important job of letting new devices join your secure group. If you don't use these trusted accounts, unauthorised devices could sneak in, causing data breaches or disrupting operations.

Framework

ASD Information Security Manual (ISM)

Control effect

Preventative

Classifications

NC, OS, P, S, TS

ISM last updated

Aug 2024

Control Stack last updated

19 Mar 2026

E8 maturity levels

N/A

Official control statement

Dedicated privileged service accounts are used to add machines to the domain.

Why it matters

If non-privileged accounts can add machines to the domain, unauthorised hosts may join, enabling credential theft and lateral movement.

Operational notes

Use a dedicated privileged service account for domain joins, restrict who can use it, and routinely audit domain-add events for misuse.

Implementation tips

  • The IT team should identify which accounts in the system have the special privileges needed for adding computers to the domain. They should ensure that these accounts are used only for this purpose and are secure with strong passwords or other authentication methods.
  • Managers should ensure their team members understand the importance of only using these privileged accounts for adding devices. This can be done through training sessions explaining why extra security measures are necessary.
  • System administrators should monitor who is using these privileged accounts and when. They should regularly review the logs to detect any unusual activity, such as attempts to add too many devices or at odd hours.
  • The organisation's security manager should review the policy for using privileged accounts at least once a year. They should check whether the guidelines are still being followed by everyone and update them to adapt to any changes in the network structure.
  • HR should collaborate with IT to ensure that when someone with access to these privileged accounts leaves the organisation, their access is immediately revoked to prevent any unauthorised use of the accounts.
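
The log review described in the monitoring tip above can be automated. The following is an added example, not part of the ISM or of this page's source: it checks exported Windows Security event 4741 records ("A computer account was created") for joins by an account other than the dedicated one, joins outside working hours, and bursts of joins. The account name, hours window, burst threshold and sample records are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime

# Assumed values, not from the page: tune these to your environment.
JOIN_ACCOUNT = "svc-domainjoin"   # hypothetical dedicated join account
WORK_HOURS = range(7, 19)         # 07:00-18:59 local time
BURST_LIMIT = 3                   # joins allowed per account per hour

# Constructed sample records. "subject" is SubjectUserName (who created the
# computer account) and "computer" is TargetUserName from event 4741.
EVENTS = [
    {"time": "2026-03-02T09:14:05", "subject": "svc-domainjoin", "computer": "WS-0141$"},
    {"time": "2026-03-02T09:20:41", "subject": "svc-domainjoin", "computer": "WS-0142$"},
    {"time": "2026-03-02T10:02:17", "subject": "j.smith", "computer": "LAPTOP-7F$"},
    {"time": "2026-03-03T02:37:50", "subject": "svc-domainjoin", "computer": "WS-0150$"},
    {"time": "2026-03-04T14:01:00", "subject": "svc-domainjoin", "computer": "WS-0160$"},
    {"time": "2026-03-04T14:02:00", "subject": "svc-domainjoin", "computer": "WS-0161$"},
    {"time": "2026-03-04T14:03:00", "subject": "svc-domainjoin", "computer": "WS-0162$"},
    {"time": "2026-03-04T14:04:00", "subject": "svc-domainjoin", "computer": "WS-0163$"},
]

def review_joins(events, join_account=JOIN_ACCOUNT):
    """Return (rule, account, detail) findings for domain-join events."""
    findings = []
    per_hour = Counter()
    for ev in events:
        when = datetime.fromisoformat(ev["time"])
        who = ev["subject"].lower()
        # Rule 1: only the dedicated account should create computer accounts.
        if who != join_account.lower():
            findings.append(("unexpected-account", ev["subject"], ev["computer"]))
        # Rule 2: joins outside the agreed working window.
        if when.hour not in WORK_HOURS:
            findings.append(("off-hours", ev["subject"], ev["computer"]))
        # Rule 3: report once when an account exceeds the hourly limit.
        bucket = (who, when.strftime("%Y-%m-%dT%H"))
        per_hour[bucket] += 1
        if per_hour[bucket] == BURST_LIMIT + 1:
            findings.append(("burst", ev["subject"], bucket[1]))
    return findings

if __name__ == "__main__":
    for rule, account, detail in review_joins(EVENTS):
        print(f"{rule:20} {account:16} {detail}")
```
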
Audit / evidence tips

  • Ask for a list of privileged accounts: Request a document that identifies all accounts with the capability to add devices to the domain

    Good is a document listing each account, the person responsible, and the security measures applied

  • Ask for training records: Request records of training sessions provided to staff about using privileged accounts

    Good is a complete record showing regular training with specific focus on security practices

  • Ask for account usage logs: Request logs that show how and when privileged accounts have been used

    Good is logs with normal activity patterns and no security breaches

  • Ask for policy documents: Request the current policies regarding privileged account usage

    Good is a policy document that is detailed, up-to-date, and approved by management

  • Ask to see the account revocation process: Request a document explaining the process for removing access when employees leave the organisation

    Good is a document that outlines a timely and secure access revocation process

Cross-framework mappings

How ISM-1842 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.

ISO 27001

Control | Notes
Related (1)
Annex A 8.2 | Annex A 8.2 requires privileged access rights to be restricted and managed so only authorised entities can perform high-impact actions

E8

Control | Notes
Partially meets (1)
E8-RA-ML1.2 | E8-RA-ML1.2 requires privileged users to use dedicated privileged accounts exclusively for administrative tasks
Partially overlaps (1)
E8-RA-ML2.5 | ISM-1842 requires dedicated privileged service accounts to add machines to the domain, reducing exposure from using standard or personal ...

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
