ISM-1388

Only jump servers can communicate with assets requiring administrative activities to be performed.

Topic: Administrative infrastructure
Applicable to: all

History

Priority: must
Dec 2023
Removed
The existing control relating to only privileged operating environments being able to communicate with jump servers, along with the existing control relating to only jump servers being able to communicate with assets requiring remote administration, were replaced with a new control recommending network devices that do not belong to administrative infrastructure be prevented from initiating connections with administrative infrastructure. [ISM-1381, ISM-1388, ISM-1899]
Mar 2022
Only jump servers can communicate with assets requiring administrative activities to be performed.
The security of administrative activities can be improved by segregating administrative infrastructure from an organisation’s wider network. In doing so, the use of a jump server (also known as a jump host or jump box) can be an effective way of simplifying and securing administrative activities. Furthermore, using separate jump servers for the administration of critical servers, high-value servers and regular servers can further assist in protecting these assets.
2015
Agencies must ensure that jump servers are prevented from communicating to assets and sending and receiving traffic not related to administrative purposes.