Search

System hardening  

Oct 31, 2025 - This page lists publications on the hardening of applications and IT equipment.

Email hardening  

Oct 31, 2025 - This page lists publications on the hardening of message exchange via electronic mail.

Mobility hardening  

Sep 3, 2025 - This page lists advice and resources to help keep mobile devices and mobility tools secure.

Network hardening  

Apr 11, 2023 - This page lists publications on the hardening of network infrastructure.

Web hardening  

Dec 2, 2020 - This page lists publications on the hardening of services that can be accessed via the World Wide Web.

Hardening systems and applications  

Apr 11, 2023 - It is important for all organisations to maintain the cybersecurity of their systems and data.

Guidelines for system hardening   Advice

Sep 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on system hardening.

Hardening Microsoft Windows 10 workstations   Publication

Sep 4, 2025 - This publication provides recommendations on hardening workstations using Enterprise and Education editions of Microsoft Windows 10. While this publication refers to workstations, most recommendations are equally applicable to servers (with the exception of Domain Controllers) using Microsoft Windows Server. Security features discussed in this publication, along with the names and locations of Group Policy settings, are taken from Microsoft Windows 10 version 22H2.

Hardening Microsoft Windows 11 workstations   Publication

Sep 4, 2025 - This publication provides recommendations on hardening workstations using Enterprise and Education editions of Microsoft Windows 11. While this publication refers to workstations, most recommendations are equally applicable to servers (with the exception of Domain Controllers) using Microsoft Windows Server. Security features discussed in this publication, along with the names and locations of Group Policy settings, are taken from Microsoft Windows 11 version 24H2.

Technical example: User application hardening   Publication

Dec 16, 2022 - User application hardening protects an organisation from a range of threats including malicious websites, advertisements running malicious scripts and exploitation of vulnerabilities in unsupported software. These attacks often take legitimate application functionality and use it for malicious purposes. User application hardening makes it harder for cybercriminals to exploit vulnerabilities or at-risk functionality in your organisation’s applications.

Hardening Linux workstations and servers   Publication

Nov 27, 2023 - This publication has been developed to assist organisations in understanding how to harden Linux workstations and servers.

Enhanced visibility and hardening guidance for communications infrastructure   Advisory

Dec 4, 2024 - This guide provides network engineers and defenders of communications infrastructure with best practices to strengthen their visibility and harden their network devices against successful exploitation carried out by PRC-affiliated and other malicious cyber actors.

Hardening Microsoft 365, Office 2021, Office 2019 and Office 2016   Publication

Jul 24, 2023 - Workstations are often targeted by malicious actors using malicious websites, emails or removable media in an attempt to extract sensitive information. Hardening applications on workstations is an important part of reducing this risk.

Microsoft Exchange Server security best practices   Publication

Oct 31, 2025 - This paper—authored by the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), and Canadian Centre for Cyber Security (Cyber Centre)—provides security best practices for administrators on hardening on-premises (on-prem) Exchange.

Gateway security guidance package   Guidance

Jul 29, 2025 - This page lists publications on the hardening of gateway services.

Cyber threat actors compromising networks of major global telecommunications providers    News

Dec 4, 2024 - New guidance is available for network defenders of communications infrastructure to strengthen visibility and harden devices against PRC-affiliated and other malicious cyber actors.

Don’t take BADCANDY from strangers – How your devices could be implanted and what to do about it   Advisory

Oct 31, 2025 - ASD recommends that system operators take the following actions to remove the BADCANDY implant if compromised and to mitigate the risk of re-exploitation.

Small business  

Jun 15, 2023 - Basic steps to protect your business and staff from cyberthreats. Our guide has information and resources to help you and your staff prepare for cyberattacks.

New guidance to strengthen Microsoft Exchange Server security   News

Oct 31, 2025 - ASD’s ACSC and international partners have co-authored guidance on best practices for Microsoft Exchange Server to help organisations mitigate risks and prevent malicious activity.

Australian organisations encouraged to urgently adopt an enhanced cyber security posture   Alert

Mar 28, 2022 - Australian organisations are encouraged to urgently adopt an enhanced cyber security posture. Organisations should act now and follow ACSC’s advice to improve their cyber security resilience in light of the heightened threat environment.

Implementing network segmentation and segregation   Publication

Oct 6, 2021 - Learn about practical strategies to make it harder for malicious actors to access sensitive data. This guidance is for those responsible for an organisation’s network architecture and design.

Consider your cyber hygiene in light of global events   News

Jul 1, 2025 - Around the world, geopolitical tensions remain complex as nations navigate diplomatic, economic, and military challenges. ASD’s ACSC recommends that organisations continue to review their current cyber security posture and maintain sufficient monitoring for cyber threats.

Guidelines for system management   Advice

Sep 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on system management.

Annual Cyber Threat Report 2024-2025   Reports and statistics

Oct 14, 2025 - ASD’s Annual Cyber Threat Report 2024–25 provides an overview of the key cyber threats impacting Australia, how ASD’s ACSC is responding and cyber security advice for Australian individuals, organisations and government to protect themselves online.

Managing the risks of legacy IT: Practitioner guidance   Publication

Jun 12, 2024 - This publication provides guidance for practitioners on managing the risks posed by legacy IT and outlines low-cost mitigations that organisations can draw upon.

Essential Eight maturity model FAQ   Publication

Oct 28, 2024 - This publication provides answers to frequency asked questions on how to implement the Essential Eight.

Mitigation strategies for edge devices: Practitioner guidance   Publication

Feb 4, 2025 - This publication expands on Mitigation strategies for edge devices: executive guidance. It provides IT practitioners with a list of mitigation strategies for the most common types of edge devices and appliances across enterprise networks and large organisations.

Foundations for modern defensible architecture   Publication

Oct 23, 2025 - The Foundations represent the first step to help organisations adopt a ‘modern defensible architecture’ approach, which will enable them to evolve alongside the threat landscape.

Small business cloud security guides  

Apr 2, 2024 - ASD's ACSC has released a series of guides designed to help small businesses secure their cloud environment.

Guidelines for system monitoring   Advice

Sep 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on system monitoring.