While no set of mitigation strategies are guaranteed to protect against all cyber threats, organisations are recommended to implement eight essential mitigation strategies from the ACSC’s Strategies to Mitigate Cyber Security Incidents as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems. Essential Eight Maturity Model The Essential Eight Maturity Model provides advice on how to implement the Essential Eight to mitigate different levels of adversary tradecraft and targeting. Essential Eight Maturity Model FAQ The Essential Eight Maturity Model provides advice on how to implement the Essential Eight to mitigate different levels of adversary tradecraft and targeting. Essential Eight to ISM Mapping This publication provides a mapping between the Essential Eight Maturity Model and the security controls within the Information Security Manual (ISM). This mapping represents the minimum security controls organisations must implement to meet the intent of the Essential Eight. Essential Eight Assessment Process Guide The purpose of this document is to provide supplementary guidance on the eight essential mitigation strategies from the Australian Cyber Security Centre’s Strategies to Mitigate Cyber Security Incidents (known collectively as the ‘Essential Eight’). In doing so, this document details the steps for undertaking an assessment against the Essential Eight, including methods for testing the implementation of each of the mitigation strategies. Implementing Application Control Application control is one of the most effective mitigation strategies in ensuring the security of systems. As such, application control forms part of the Essential Eight from the Strategies to Mitigate Cyber Security Incidents. This publication provides guidance on what application control is, what application control is not, and how to implement application control. Assessing Security Vulnerabilities and Applying Patches Applying patches to applications and operating systems is critical to ensuring the security of systems. As such, patching forms part of the Essential Eight from the Strategies to Mitigate Cyber Security Incidents. Microsoft Office Macro Security Microsoft Office applications can execute macros to automate routine tasks. However, macros can contain malicious code resulting in unauthorised access to sensitive information as part of a targeted cyber intrusion. This publication has been developed to discuss approaches that can be applied by organisations to secure systems against malicious macros while balancing both their business and security requirements. Restricting Administrative Privileges This publication provides guidance on restricting the use of administrative privileges. Restricting the use of administrative privileges is one of the eight essential mitigation strategies from the Strategies to Mitigate Cyber Security Incidents. Implementing Multi-Factor Authentication Multi-factor authentication is one of the most effective controls an organisation can implement to prevent an adversary from gaining access to a device or network and accessing sensitive information. When implemented correctly, multi-factor authentication can make it significantly more difficult for an adversary to steal legitimate credentials to facilitate further malicious activities on a network. Due to its effectiveness, multi-factor authentication is one of the Essential Eight from the Strategies to Mitigate Cyber Security Incidents.
Essential Eight Maturity Model The Essential Eight Maturity Model provides advice on how to implement the Essential Eight to mitigate different levels of adversary tradecraft and targeting.
Essential Eight Maturity Model FAQ The Essential Eight Maturity Model provides advice on how to implement the Essential Eight to mitigate different levels of adversary tradecraft and targeting.
Essential Eight to ISM Mapping This publication provides a mapping between the Essential Eight Maturity Model and the security controls within the Information Security Manual (ISM). This mapping represents the minimum security controls organisations must implement to meet the intent of the Essential Eight.
Essential Eight Assessment Process Guide The purpose of this document is to provide supplementary guidance on the eight essential mitigation strategies from the Australian Cyber Security Centre’s Strategies to Mitigate Cyber Security Incidents (known collectively as the ‘Essential Eight’). In doing so, this document details the steps for undertaking an assessment against the Essential Eight, including methods for testing the implementation of each of the mitigation strategies.
Implementing Application Control Application control is one of the most effective mitigation strategies in ensuring the security of systems. As such, application control forms part of the Essential Eight from the Strategies to Mitigate Cyber Security Incidents. This publication provides guidance on what application control is, what application control is not, and how to implement application control.
Assessing Security Vulnerabilities and Applying Patches Applying patches to applications and operating systems is critical to ensuring the security of systems. As such, patching forms part of the Essential Eight from the Strategies to Mitigate Cyber Security Incidents.
Microsoft Office Macro Security Microsoft Office applications can execute macros to automate routine tasks. However, macros can contain malicious code resulting in unauthorised access to sensitive information as part of a targeted cyber intrusion. This publication has been developed to discuss approaches that can be applied by organisations to secure systems against malicious macros while balancing both their business and security requirements.
Restricting Administrative Privileges This publication provides guidance on restricting the use of administrative privileges. Restricting the use of administrative privileges is one of the eight essential mitigation strategies from the Strategies to Mitigate Cyber Security Incidents.
Implementing Multi-Factor Authentication Multi-factor authentication is one of the most effective controls an organisation can implement to prevent an adversary from gaining access to a device or network and accessing sensitive information. When implemented correctly, multi-factor authentication can make it significantly more difficult for an adversary to steal legitimate credentials to facilitate further malicious activities on a network. Due to its effectiveness, multi-factor authentication is one of the Essential Eight from the Strategies to Mitigate Cyber Security Incidents.
