Essential Eight

While no set of mitigation strategies are guaranteed to protect against all cyber threats, organisations are recommended to implement eight essential mitigation strategies from the ACSC’s Strategies to Mitigate Cyber Security Incidents as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems.

Essential Eight Maturity Model

The Essential Eight Maturity Model provides advice on how to implement the Essential Eight to mitigate different levels of adversary tradecraft and targeting.

Essential Eight Maturity Model FAQ

The Essential Eight Maturity Model provides advice on how to implement the Essential Eight to mitigate different levels of adversary tradecraft and targeting.

Implementing Application Control

Application control is one of the most effective mitigation strategies in ensuring the security of systems. As such, application control forms part of the Essential Eight from the Strategies to Mitigate Cyber Security Incidents. This publication provides guidance on what application control is, what application control is not, and how to implement application control.

Assessing Security Vulnerabilities and Applying Patches

Applying patches to applications and operating systems is critical to ensuring the security of systems. As such, patching forms part of the Essential Eight from the Strategies to Mitigate Cyber Security Incidents.

Microsoft Office Macro Security

Microsoft Office applications can execute macros to automate routine tasks. However, macros can contain malicious code resulting in unauthorised access to sensitive information as part of a targeted cyber intrusion. This publication has been developed to discuss approaches that can be applied by organisations to secure systems against malicious macros while balancing both their business and security requirements.

Restricting Administrative Privileges

This publication provides guidance on restricting the use of administrative privileges. Restricting the use of administrative privileges is one of the eight essential mitigation strategies from the Strategies to Mitigate Cyber Security Incidents.

Implementing Multi-Factor Authentication

Multi-factor authentication is one of the most effective controls an organisation can implement to prevent an adversary from gaining access to a device or network and accessing sensitive information. When implemented correctly, multi-factor authentication can make it significantly more difficult for an adversary to steal legitimate credentials to facilitate further malicious activities on a network. Due to its effectiveness, multi-factor authentication is one of the Essential Eight from the Strategies to Mitigate Cyber Security Incidents.