ACSC updates Essential Eight guidance


By Dylan Bushell-Embling
Wednesday, 14 July, 2021

ACSC updates Essential Eight guidance

The Australian Cyber Security Centre (ACSC) has published updated guidance on implementing the Essential Eight threat mitigation strategies.

The new Essential Eight Maturity Model now prioritises the implementation of all eight mitigation strategies as a holistic package before moving to a higher maturity level.

The complementary nature of the mitigation strategy and the necessity of employing multiple strategies to respond to various cyber threats makes this the preferred implementation model, the revised document states.

Organisations should accordingly implement the Essential Eight to the same standard before moving onto higher maturity levels. Implementation should use a risk-based approach, and organisations should strive to minimise any exceptions and their scope, the ACSC said.

The model classifies an organisation’s level of maturity on one of four levels, starting with level zero — showing weaknesses in an organisation’s overall cybersecurity posture. Maturity level one is focused on deterring adversaries who are content to simply leverage commodity tradecraft that is widely available in order to gain access to systems.

Maturity level two is focused on adversaries with more capabilities than in the previous level, while maturity level three is focused on sophisticated, adaptive adversaries who are much less reliant on public tools and techniques.

In addition, the guide has been updated with an increased emphasis on risk management, which includes better enabling organisations to manage risks associated with legacy systems.

The Essential Eight mitigation strategies are application control; application patching; the configuration of Office macro settings; user application hardening; restricting admin privileges; patching operating systems; implementing multi-factor authentication; and conducting regular backups.

Image credit: ©stock.adobe.com/au/Lev

Related News

CrowdStrike to buy Adaptive Shield

CrowdStrike is augmenting its SaaS security capabilities through the acquisition of Israeli-based...

LockBit named nastiest malware of 2024

LockBit, a ransomware malware known to have been used to attack Australian targets, has been...

Extreme Networks launches ZTNA solution

Extreme Networks' new ExtremeCloud Universal ZTNA solution combines cloud network access...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd