Skip to content Skip to site navigation

Privileged Access Workstation (PAW)

Increased security for high risk systems

In September 2024, rates will change for several technology services provided by University IT. View FY25 rate changes.

The Privileged Access Workstation (PAW) service has been retired. Users who manage high risk data or servers should use Cardinal Protect.  Please see the User Guide for more information.

A Privileged Access Workstation (PAW) is a dedicated computing environment for sensitive tasks that is protected from Internet attacks and other threat vectors.

A PAW separates these sensitive tasks and accounts from non-administrative computer use, such as email and web browsing.

Cardinal Protect eliminates the need for a separate Privileged Access Workstation (PAW) device to access administrative accounts and manage high-risk systems. To learn more about or to request Cardinal Protect, submit a Request.


A PAW has the following characteristics:

  • Dedicated hardened systems that provide high security assurance for sensitive accounts and tasks
  • Built on trusted hardware with clean source media, instrumented and monitored for full visibility
  • Includes expedited and automated patching of security updates to ensure system security

System Administrators and other PAW users who want to simplify to one device for all their work should use Cardinal Protect.

Designed for

Limited to specific teams who are still required to use a PAW for managing critical infrastructure. See the User Guide for more information.


A Stanford-managed server running a supported operating system.

Data security

May be used with Low, Moderate, and High Risk Data, as defined by the Information Security Office.


Departments are responsible for the cost of PAW hardware (a laptop computer). There is no additional cost associated with the use of the service.

Get started

Users who manage high risk data or servers should use Cardinal Protect. If you are unsure which service you should use, request a Cardinal Protect system. 

For the UIT teams that still require PAW for managing critical infrastructure, request a PAW.

You will be contacted to arrange a hardware hand-off and configuration of the necessary credentials for its use. Your department will need to provide the computer that will become the PAW. Hardware prerequisites are as follows:

  • Any in-warranty Dell computer. Dell must contain a TPM 2.0 security chip.

Get help

Submit a Help request

Learn more

Last modified March 4, 2024