ACSC updates Essential Eight guidance


By Dylan Bushell-Embling
Wednesday, 14 July, 2021

ACSC updates Essential Eight guidance

The Australian Cyber Security Centre (ACSC) has published updated guidance on implementing the Essential Eight threat mitigation strategies.

The new Essential Eight Maturity Model now prioritises the implementation of all eight mitigation strategies as a holistic package before moving to a higher maturity level.

The complementary nature of the mitigation strategy and the necessity of employing multiple strategies to respond to various cyber threats makes this the preferred implementation model, the revised document states.

Organisations should accordingly implement the Essential Eight to the same standard before moving onto higher maturity levels. Implementation should use a risk-based approach, and organisations should strive to minimise any exceptions and their scope, the ACSC said.

The model classifies an organisation’s level of maturity on one of four levels, starting with level zero — showing weaknesses in an organisation’s overall cybersecurity posture. Maturity level one is focused on deterring adversaries who are content to simply leverage commodity tradecraft that is widely available in order to gain access to systems.

Maturity level two is focused on adversaries with more capabilities than in the previous level, while maturity level three is focused on sophisticated, adaptive adversaries who are much less reliant on public tools and techniques.

In addition, the guide has been updated with an increased emphasis on risk management, which includes better enabling organisations to manage risks associated with legacy systems.

The Essential Eight mitigation strategies are application control; application patching; the configuration of Office macro settings; user application hardening; restricting admin privileges; patching operating systems; implementing multi-factor authentication; and conducting regular backups.

Image credit: ©stock.adobe.com/au/Lev

Related News

Tanium partners with DXC on endpoint management

Tanium has secured a partnership agreement with DXC that will leverage the company's...

Surge in GenAI data uploads increasing unintentional cyber risk: report

Without proper data security controls, GenAI can turn employees into unintentional...

Fastly enhances bot management platform

Fastly has added new capabilities to its bot management platform aimed at making it easier for...


  • All content Copyright © 2025 Westwick-Farrow Pty Ltd