Ensure Secure Impersonation Logging Practices
Ensure no sensitive information is recorded in logs and permissions are correctly set when users can impersonate others.
Plain language
This control ensures that when someone in your organisation can act on behalf of another person, no private information gets recorded in logs. If not managed properly, it risks accidentally exposing sensitive data or causing unauthorised access to important parts of your system.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
May 2025
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for software developmentOfficial control statement
Where software allows user impersonation, sensitive data is not logged and appropriate permissions are set.
Why it matters
Insecure impersonation logging can record sensitive data (e.g. passwords, message content) and expose it to unauthorised users, causing data breaches.
Operational notes
Audit impersonation logs and events to confirm no sensitive fields are captured, and restrict log access to authorised roles with least privilege.
Implementation tips
- System Owners should check the logging settings: Make sure that logs do not store sensitive information like passwords or personal details when users impersonate others. Use your logging software's settings to filter out any data that shouldn't be recorded.
- IT Teams need to evaluate permissions: Ensure that only authorized personnel can impersonate other users by setting proper access permissions using clear, role-based guidelines. Review these permissions regularly to keep them current.
- Managers should implement training: Conduct workshops to teach staff about the importance of not logging sensitive data and understanding their role when given permission to impersonate others. Use real-world examples to highlight potential risks.
- Developers should configure software appropriately: Adjust the settings of any software that allows impersonation to disable logging of sensitive information. This may involve changing configurations or using specialised settings provided by the software vendor.
- HR should oversee access reviews: Periodically review who has permission to impersonate others and ensure it's still necessary for their role. Remove access for employees who no longer require it to perform their duties.
Audit / evidence tips
-
Askuser access logs: Request logs that show impersonation activity within the system
-
Askthe list of authorised impersonators: Request the document or list detailing who has been granted impersonation rights
-
Asktraining records: Request evidence of completed training sessions about impersonation and logging practices
-
Aska permissions audit report: Request documentation of recent checks on impersonation rights
-
Asksoftware configuration settings: Request the configuration files or settings that control impersonation features in software
Cross-framework mappings
How ISM-2046 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| Annex A 8.26 | ISM-2046 demands that impersonation features do not result in sensitive data being logged, with appropriate permissions set on the logs | |
| sync_alt Partially overlaps (1) expand_less | ||
| Annex A 8.15 | ISM-2046 requires secure logging practices in impersonation scenarios, such as preventing sensitive data from being logged and ensuring a... | |
| handshake Supports (2) expand_less | ||
| Annex A 5.34 | ISM-2046 requires sensitive data not to be logged and ensures that permissions are set appropriately in software that allows user imperso... | |
| Annex A 8.3 | ISM-2046 requires systems with impersonation capability to prevent sensitive data from being logged and to enforce appropriate permission... | |
| extension Depends on (1) expand_less | ||
| Annex A 5.12 | ISM-2046 requires that sensitive data is not recorded in logs in software with impersonation capabilities, and that permissions are corre... | |
E8
| Control | Notes | Details |
|---|---|---|
| sync_alt Partially overlaps (1) expand_less | ||
| E8-AC-ML2.6 | ISM-2046 requires that where user impersonation is possible, sensitive data must not be logged and log permissions are set appropriately | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.