Guidelines for Media Management
- Security control 0323 was modified to fix the missing ‘of information’ text within the security control.
Guidelines for System Management
- Security controls 1412 and 1470 were modified to replace ‘PDF reader’ with ‘PDF viewer’ to ensure consistency of language within the document and with other publications such as the Strategies to Mitigate Cyber Security Incidents and the Essential Eight Maturity Model.
Guidelines for Using Cryptography
- References to TLS version 1.2 were updated to refer to TLS version 1.3 which was released in August 2018.
Security Assessment Aid
- The XML ‘</Decription>’ tag was changed to ‘</Description>’.
- The entry for security control 0421 was updated to include its control number.
List of new or modified security controls
Security Control: 0323; Revision: 5; Updated: Feb-19; Applicability: O, P, S, TS; Priority: Must
Media is classified to the highest sensitivity or classification of information stored on the media.
Security Control: 1412; Revision: 2; Updated: Feb-19; Applicability: O, P, S, TS; Priority: Should
ACSC and vendor guidance is implemented to assist in hardening the configuration of Microsoft Office, web browsers and PDF viewers.
Security Control: 1470; Revision: 2; Updated: Feb-19; Applicability: O, P, S, TS; Priority: Must
Any unrequired functionality in Microsoft Office, web browsers and PDF viewers is disabled.