The Essential Eight is a series of baseline mitigation strategies taken from the Strategies to Mitigate Cyber Security Incidents recommended for organisations. Implementing these strategies as a minimum makes it much harder for adversaries to compromise systems.
The Strategies to Mitigate Cyber Security Incidents is a prioritised list of mitigation strategies to assist organisations in protecting their systems against a range of adversaries. The mitigation strategies can be customised based on each organisation’s risk profile and the adversaries they are most concerned about.
This document provides a mapping between Maturity Level 3 of the Essential Eight Maturity Model and the security controls within the Australian Government Information Security Manual (ISM). This mapping represents the minimum security controls organisations must implement to meet the intent of the Essential Eight.
Application control is one of the most effective mitigation strategies in ensuring the security of systems. As such, application control forms part of the Essential Eight from the Strategies to Mitigate Cyber Security Incidents. This document provides guidance on what application control is, what application control is not, and how to implement application control.
Microsoft Office applications can execute macros to automate routine tasks. However, macros can contain malicious code resulting in unauthorised access to sensitive information as part of a targeted cyber intrusion. This document has been developed to discuss approaches that can be applied by organisations to secure systems against malicious macros while balancing both their business and security requirements.
Multi-factor authentication is one of the most effective controls an organisation can implement to prevent an adversary from gaining access to a device or network and accessing sensitive information. When implemented correctly, multi-factor authentication can make it significantly more difficult for an adversary to steal legitimate credentials to facilitate further malicious activities on a network. Due to its effectiveness, multi-factor authentication is one of the Essential Eight from the Strategies to Mitigate Cyber Security Incidents.
The Australian Cyber Security Centre (ACSC) has developed prioritised mitigation strategies to help cyber security professionals in all organisations mitigate cyber security incidents caused by various cyber threats. This guidance addresses targeted cyber intrusions (i.e. those executed by advanced persistent threats such as foreign intelligence services), ransomware and external adversaries with destructive intent, malicious insiders, ‘business email compromise’, and industrial control systems.