View all publications

06 Oct 2021

Cloud Computing Security for Cloud Service Providers

This publication is designed to assist assessors validating the security posture of a cloud service in order to provide organisations with independent assurance of security claims made by Cloud Service Providers (CSPs). This publication can also assist CSPs to offer secure cloud services.

06 Oct 2021

Managed Service Providers: How to Manage Risk to Customer Networks

The compromise of several Managed Service Providers (MSPs) was reported in 2017. In response, the Australian Cyber Security Center (ACSC) provided organisations with the information they needed to protect themselves and others from this threat.

06 Oct 2021

Protecting Against Business Email Compromise

Business email compromise is when criminals use email to abuse trust in business processes to scam organisations out of money or goods. Criminals can impersonate business representatives using similar names, domains and/or fraudulent logos as a legitimate organisation or by using compromised email accounts and pretending to be a trusted co-worker.

06 Oct 2021

Restricting Administrative Privileges

This publication provides guidance on restricting the use of administrative privileges. Restricting the use of administrative privileges is one of the eight essential mitigation strategies from the Strategies to Mitigate Cyber Security Incidents.

06 Oct 2021

Travelling Overseas with Electronic Devices

This publication provides guidance on strategies that individuals can take to secure the use of electronic devices when travelling overseas.

06 Oct 2021

Cyber Supply Chain Risk Management

All organisations should consider cyber supply chain risk management. If a supplier, manufacturer, distributor or retailer (i.e. businesses that constitute a cyber supply chain) are involved in products or services used by an organisation, there will be a cyber supply chain risk originating from those businesses. Likewise, an organisation will transfer any cyber supply chain risk they hold to their customers.

06 Oct 2021

Cloud Assessment and Authorisation – Frequently Asked Questions

This publication provides answers relating to frequently asked questions on the Australian Cyber Security Centre (ACSC)’s new cloud security guidance, future support, government self-assessment and cloud security assessment reports.

06 Oct 2021

Preparing for and Responding to Cyber Security Incidents

The Australian Cyber Security Centre (ACSC) is responsible for monitoring and responding to cyber threats targeting Australian interests. The ACSC can help organisations respond to cyber security incidents. Reporting cyber security incidents ensures that the ACSC can provide timely assistance.

06 Oct 2021

Cloud Computing Security Considerations

Cloud computing offers potential benefits including cost savings and improved business outcomes for organisations. However, there are a variety of information security risks that need to be carefully considered. Risks will vary depending on the sensitivity of the data to be stored or processed, and how the chosen cloud vendor (also referred to as a cloud service provider) has implemented their specific cloud services.

06 Oct 2021

Security Configuration Guide – Viasat Mobile Dynamic Defense

The ACSC has developed this guidance to assist organisations to understand the risks of deploying and provide specific configuration requirements for the Viasat Mobile Dynamic Defense (MDD) system to handle sensitive or classified data.

06 Oct 2021

Windows Event Logging and Forwarding

A common theme identified by the Australian Cyber Security Centre (ACSC) while performing investigations is that organisations have insufficient visibility of activity occurring on their workstations and servers. Good visibility of what is happening in an organisation’s environment is essential for conducting an effective investigation. It also aids incident response efforts by providing critical insights into the events relating to a cyber security incident and reduces the overall cost of responding to them.

06 Oct 2021

Cloud Computing Security for Tenants

This publication is designed to assist an organisation’s cyber security team, cloud architects and business representatives to jointly perform a risk assessment and use cloud services securely.

06 Oct 2021

Implementing Multi-Factor Authentication

Multi-factor authentication is one of the most effective controls an organisation can implement to prevent an adversary from gaining access to a device or network and accessing sensitive information. When implemented correctly, multi-factor authentication can make it significantly more difficult for an adversary to steal legitimate credentials to facilitate further malicious activities on a network. Due to its effectiveness, multi-factor authentication is one of the Essential Eight from the Strategies to Mitigate Cyber Security Incidents.

06 Oct 2021

Marketing and Filtering Email Service Providers

This publication provides high level guidance on how to use email service providers (ESPs) in particular deployment scenarios. The considerations and controls described in that publication also apply to ESPs sending email on your behalf.

06 Oct 2021

Bring Your Own Device for Executives

Bring Your Own Device (BYOD) scenarios enable organisations to take advantage of new technologies faster. It also has the potential to reduce hardware costs and improve organisational productivity and flexibility. However, BYOD also introduces new risks to an organisation’s business and the security of its information, which need to be carefully considered before implementation.

06 Oct 2021

Essential Eight Maturity Model

The Essential Eight Maturity Model provides advice on how to implement the Essential Eight to mitigate different levels of adversary tradecraft and targeting.

06 Oct 2021

Fundamentals of Cross Domain Solutions

This guidance introduces technical and non-technical audiences to cross domain security principles for securely connecting security domains. It explains the purpose of a Cross Domain Solution (CDS) and promotes a data-centric approach to a CDS system implementation based on architectural principles and risk management. This guidance also covers a broad range of fundamental concepts relating to a CDS, which should be accessible to readers who have some familiarity with the field of cyber security. Organisations with complex information sharing requirements are encouraged to refer to this guidance in the planning, analysis, design and implementation of CDS systems.

06 Oct 2021

IoT Code of Practice: Guidance for Manufacturers

Internet of Things (IoT) devices need to have effective cyber security provisions to defend against potential threats.

06 Oct 2021

Risk Management of Enterprise Mobility Including Bring Your Own Device

This publication has been developed to provide senior business representatives with a list of enterprise mobility considerations. These include business cases, regulatory obligations and legislation, available budget and personnel resources, and risk tolerance. Additionally, risk management controls are provided for cyber security practitioners.

06 Oct 2021

End of Support for Microsoft Windows Server 2008 and Windows Server 2008 R2

On 14 January 2020, Microsoft ended support for Microsoft Windows Server 2008 and Windows Server 2008 R2. As such, organisations no longer receive patches for security vulnerabilities identified in these products. Subsequently, adversaries may use these unpatched security vulnerabilities to target Microsoft Windows Server 2008 and Windows Server 2008 R2 servers.

06 Oct 2021

Essential Eight Maturity Model FAQ

The Essential Eight Maturity Model provides advice on how to implement the Essential Eight to mitigate different levels of adversary tradecraft and targeting.

06 Oct 2021

Questions to ask Managed Service Providers

This publication provides simple yet practical questions to ask managed service providers regarding the cyber security of their systems and the services they provide.

06 Oct 2021

Securing Content Management Systems

Security vulnerabilities within content management systems (CMS) installed on web servers of organisations are often exploited by adversaries. Once a CMS has been compromised, the web server can be used as infrastructure to facilitate targeted intrusion attempts.

06 Oct 2021

Using Virtual Private Networks

Virtual Private Network (VPN) connections can be an effective means of providing remote access to a network; however, VPN connections can be abused by an adversary to gain access to a network without relying on malware and covert communication channels. This publication identifies security controls that should be considered when implementing VPN connections.

06 Oct 2021

Identifying Cyber Supply Chain Risks

This guidance has been developed to assist organisations in identifying risks associated with their use of suppliers, manufacturers, distributors and retailers (i.e. businesses that constitute their cyber supply chain).

06 Oct 2021

Detecting Socially Engineered Messages

Socially engineered messages present a significant threat to individuals and organisations due to their ability to assist an adversary with compromising accounts, devices, systems or sensitive information. This publication offers guidance on identifying socially engineered messages delivered by email, SMS, instant messaging or other direct messaging services offered by social media applications.

06 Oct 2021

How to Combat Fake Emails

Organisations can reduce the likelihood of their domains being used to support fake emails by implementing Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting and Conformance (DMARC) records in their Domain Name System (DNS) configuration. Using DMARC with DomainKeys Identified Mail (DKIM) to sign emails provides further safety against fake emails. Likewise, organisations can better protect their users against fake emails by ensuring their email systems use and apply SPF, DKIM and DMARC policies on inbound email.

06 Oct 2021

Implementing Application Control

Application control is one of the most effective mitigation strategies in ensuring the security of systems. As such, application control forms part of the Essential Eight from the Strategies to Mitigate Cyber Security Incidents. This publication provides guidance on what application control is, what application control is not, and how to implement application control.

06 Oct 2021

Hardening Microsoft 365, Office 2021, Office 2019 and Office 2016

Workstations are often targeted by adversaries using malicious websites, emails or removable media in an attempt to extract sensitive information. Hardening applications on workstations is an important part of reducing this risk.

06 Oct 2021

Hardening Microsoft Windows 10 version 21H1 Workstations

Workstations are often targeted by an adversary using malicious websites, emails or removable media in an attempt to extract sensitive information. Hardening workstations is an important part of reducing this risk. This publication provides recommendations on hardening workstations using Enterprise and Education editions of Microsoft Windows 10 version 21H1.

06 Oct 2021

An Examination of the Redaction Functionality of Adobe Acrobat Pro DC 2017

This publication provides guidance on the efficacy of redaction facilities within Adobe Acrobat Pro DC 2017 and is intended for information technology and information security professionals within organisations looking to redact sensitive or personal information from PDF documents before releasing them into the public domain or to other third parties.

06 Oct 2021

Mergers, Acquisitions and Machinery of Government Changes

This publication provides guidance on strategies that organisations can apply during mergers, acquisitions and Machinery of Government changes.

06 Oct 2021

Preparing for and Responding to Denial-of-Service Attacks

Although organisations cannot avoid being targeted by denial-of-service attacks, there are a number of measures that organisations can implement to prepare for and potentially reduce the impact if targeted. Preparing for denial-of-service attacks before they occur is by far the best strategy, it is very difficult to respond once they begin and efforts at this stage are unlikely to be effective.

06 Oct 2021

Domain Name System Security for Domain Owners

This publication provides information on Domain Name System (DNS) security for domain owners, as well as mitigation strategies to reduce the risk of misuse of domains and associated resources. Organisations are recommended to implement the mitigation strategies in this publication to improve the security of their DNS infrastructure.

06 Oct 2021

Mitigating the Use of Stolen Credentials

This publication explains the risks posed by the use of stolen credentials and how they can be mitigated.

06 Oct 2021

Essential Eight to ISM Mapping

This publication provides a mapping between the Essential Eight Maturity Model and the security controls within the Australian Government Information Security Manual (ISM). This mapping represents the minimum security controls organisations must implement to meet the intent of the Essential Eight.

06 Oct 2021

Protecting Web Applications and Users

This publication provides advice for web developers and security professionals on how they can protect their existing web applications by implementing low cost and effective security controls which do not require changes to a web application’s code. These security controls when applied to new web applications in development, whether in the application’s code or server configuration, form part of the defence-in-depth strategy.

06 Oct 2021

Securing PowerShell in the Enterprise

This publication describes a maturity framework for PowerShell in a way that balances the security and business requirements of organisations. This maturity framework will enable organisations to take incremental steps towards securing PowerShell across their environment.

06 Oct 2021

Microsoft Office Macro Security

Microsoft Office applications can execute macros to automate routine tasks. However, macros can contain malicious code resulting in unauthorised access to sensitive information as part of a targeted cyber intrusion. This publication has been developed to discuss approaches that can be applied by organisations to secure systems against malicious macros while balancing both their business and security requirements.

06 Oct 2021

Web Conferencing Security

Web conferencing solutions (also commonly referred to as online collaboration tools) often provide audio/video conferencing, real-time chat, desktop sharing and file transfer capabilities. As we increasingly use web conferencing to keep in touch while working from home, it is important to ensure that this is done securely without introducing unnecessary privacy, security and legal risks. This publication provides guidance on both how to select a web conferencing solution and how to use it securely.

06 Oct 2021

Secure Administration

Privileged access allows administrators to perform their duties such as establishing and making changes to key servers, networking devices, user workstations and user accounts. Privileged access or credentials are often seen as the ‘keys to the kingdom’ as they allow the bearers to have access and control over many different assets within a network. This publication provides guidance on how to implement secure administration techniques.

06 Oct 2021

Domain Name System Security for Domain Resolvers

This publication provides information on Domain Name System (DNS) security for recursive resolution servers, as well as mitigation strategies to reduce the risk of DNS resolver subversion or compromise. Organisations should implement the mitigation strategies in this publication to improve the security of their DNS infrastructure.

06 Oct 2021

Assessing Security Vulnerabilities and Applying Patches

Applying patches to applications and operating systems is critical to ensuring the security of systems. As such, patching forms part of the Essential Eight from the Strategies to Mitigate Cyber Security Incidents.

06 Oct 2021

Implementing Certificates, TLS, HTTPS and Opportunistic TLS

Transport Layer Security (TLS) is a widely used encryption protocol which enables parties to communicate securely over the internet. Through the use of certificates and Public Key Infrastructure (PKI), parties can identify each other through a trusted intermediary and establish encrypted tunnels for the secure transfer of information.

06 Oct 2021

Industrial Control Systems Remote Access Protocol

External parties may need to connect remotely to critical infrastructure control networks. This is to allow manufacturers of equipment the ability to maintain the equipment when a fault is experienced that cannot be fixed in the required timeframe. Such access to external parties will only occur in extraordinary circumstances, and will only be given at critical times where access is required to maintain the quality of everyday life in Australia.

06 Oct 2021

Defending Against the Malicious Use of the Tor Network

Blocking traffic from the Tor network will prevent adversaries from using the Tor network to easily conduct anonymous reconnaissance and exploitation of systems and typically has minimal, if any, impact on legitimate users. This publication provides guidance on the prevention and detection of traffic from the Tor network.

06 Oct 2021

Implementing Network Segmentation and Segregation

This publication intends to assist staff responsible for an organisation’s network architecture and design to increase the security posture of their networks by applying network segmentation and segregation strategies.

06 Oct 2021

Cyber Security for Contractors

This publication has been developed to assist contractors with appropriately securing Australian Government information on their systems.

06 Oct 2021

Introduction to Cross Domain Solutions

This publication introduces technical and non-technical audiences to the concept of a Cross Domain Solution (CDS), a type of security capability that is used to connect discrete systems within separate security domains in an assured manner.

06 Oct 2021

Using Remote Desktop Clients

Remote access solutions are increasingly being used to access organisations’ systems. One common method of enabling remote access is to use a remote desktop client. This publication provides guidance on security risks associated with the use of remote desktop clients.