Use Secure Admin Workstations for Administration
Use special secure computers for admin tasks to protect sensitive data.
Plain language
Using secure admin workstations means setting up special, highly-protected computers for sensitive tasks like managing your business's IT systems. This is crucial because if regular computers are used for these tasks, a security breach could give hackers the keys to your digital kingdom, risking data theft or business disruption.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Nov 2023
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML3
Guideline
Guidelines for system management
Section
System administration
Official control statement
Secure Admin Workstations are used in the performance of administrative activities.
Why it matters
Without secure admin workstations, attackers can steal admin credentials and use privileged access to breach systems and compromise the network.
Operational notes
Use dedicated secure admin workstations only for privileged tasks; prevent email/web use, enforce allow-listing, and keep them patched and isolated from user endpoints.
Implementation tips
- The IT team should identify which computers will be designated as secure admin workstations. They can do this by selecting machines that are used exclusively for administrative duties and ensuring they don't have any unnecessary software that could introduce vulnerabilities.
- System owners should work with IT to configure secure admin workstations. This means setting them up with only essential software, applying strict security settings, and ensuring they are isolated from non-admin network areas.
- Managers should create a policy that defines what tasks must be conducted on secure admin workstations. This involves listing specific activities like server management and database access for clarity and compliance.
- Managers and IT should ensure only authorised personnel can use secure admin workstations. Assign a small group of trusted employees to have access and regularly review and update who these people are.
- HR and IT should implement a training programme for employees using secure admin workstations. This includes teaching them about the importance of using these machines correctly and how to recognise potential security threats.
Audit / evidence tips
- Ask: the list of designated secure admin workstations
  Good: an up-to-date list aligned with the latest inventory records
- Good: a detailed policy with specific tasks and roles defined
- Ask: access logs of the secure admin workstations. Check for consistency with authorised user lists and unusual access patterns
  Good: logs showing only authorised users have accessed the workstations at expected times
- Good: comprehensive records indicating all users have up-to-date training
- Ask: security configurations documentation of the secure admin workstations
  Good: configurations showing minimum necessary software and restricted network access
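The access-log review in the audit tips can be scripted. The following is an added example, not part of the ISM or of this page's source: it checks logon records against the designated workstation list and the authorised user list, and goes one step further by flagging privileged accounts that log on to machines that are not secure admin workstations. The CSV layout, host names, account names and the 07:00 to 19:00 window are all constructed assumptions.

```python
import csv
import io
from datetime import datetime, time

# Constructed sample data; replace with your inventory and access policy.
DESIGNATED_SAWS = {"SAW-01", "SAW-02"}        # assumed workstation names
AUTHORISED_USERS = {"adm.lee", "adm.patel"}   # assumed privileged accounts
EXPECTED_HOURS = (time(7, 0), time(19, 0))    # assumed administration window

# Constructed logon export: one row per event, ISO 8601 timestamps.
SAMPLE_LOG = """timestamp,workstation,user,event
2026-03-02T08:14:00,SAW-01,adm.lee,logon
2026-03-02T09:40:00,SAW-02,adm.patel,logon
2026-03-03T02:31:00,SAW-01,adm.lee,logon
2026-03-03T10:05:00,SAW-02,j.smith,logon
2026-03-03T11:20:00,WKS-114,j.smith,logon
2026-03-04T14:02:00,WKS-114,adm.patel,logon
"""


def review_saw_access(log_text, saws=DESIGNATED_SAWS,
                      users=AUTHORISED_USERS, hours=EXPECTED_HOURS):
    """Return (timestamp, workstation, user, reason) for each logon to follow up."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["event"] != "logon":
            continue
        host, user = row["workstation"], row["user"]
        when = datetime.fromisoformat(row["timestamp"])
        reason = None
        if host in saws:
            if user not in users:
                reason = "user not on authorised list"
            elif not (hours[0] <= when.time() <= hours[1]):
                reason = "logon outside expected hours"
        elif user in users:
            # Admin credentials exposed on an ordinary endpoint.
            reason = "privileged account used off a secure admin workstation"
        if reason:
            findings.append((row["timestamp"], host, user, reason))
    return findings


if __name__ == "__main__":
    for finding in review_saw_access(SAMPLE_LOG):
        print(" | ".join(finding))
```

An empty result over the review period is the "Good" evidence described above; each returned row is an access event to explain or remediate.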
Cross-framework mappings
How ISM-1898 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | | |
| Annex A 8.1 | ISM-1898 requires a specific endpoint type (Secure Admin Workstations) to be used for administrative activities to protect privileged act... | |
| Supports (1) | | |
| Annex A 8.2 | ISM-1898 requires Secure Admin Workstations for administrative activities to reduce the likelihood of privileged access being abused or s... | |
E8
| Control | Notes | Details |
|---|---|---|
| Partially overlaps (1) | | |
| E8-RA-ML2.4 | E8-RA-ML2.4 requires administrative activities to be conducted through jump servers to control and monitor privileged management access | |
| Supports (1) | | |
| E8-RA-ML1.2 | ISM-1898 requires the use of Secure Admin Workstations for administrative activities to reduce compromise risk during privileged operations | |
| Related (1) | | |
| E8-RA-ML3.2 | ISM-1898 requires Secure Admin Workstations to be used when performing administrative activities to reduce exposure of privileged actions... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.