Essential 8 Compliance
What is The Essential 8?
The ACSC Essential 8 is a comprehensive set of strategies developed by the Australian Cyber Security Centre (ACSC) to help organisations mitigate cyber threats and enhance their overall security posture.
The intention behind the Essential 8 is to provide a set of practical, achievable, and impactful cybersecurity measures that organisations of all sizes and sectors can implement to protect their critical assets.
The Essential 8 consists of eight mitigation strategies grouped into three categories: preventing malware delivery and execution, limiting the extent of cyber security incidents, and recovering data and system availability.
The benefits of implementing the Essential 8 are significant. By following these strategies, organisations can reduce their exposure to cyber threats, enhance their incident response capabilities, and protect their critical assets.
ZaheZone can make your business Essential 8 compliant
Application Whitelisting
Application whitelisting of approved/trusted programs to prevent the execution of unapproved/malicious programs including .exe, DLL, scripts (e.g. Windows Script Host, PowerShell and HTA) and installers.
Patch Applications
Patch applications e.g. Flash, web browsers, Microsoft Office, Java and PDF viewers. Patch/mitigate computers with 'extreme risk' vulnerabilities within 48 hours. Use the latest version of applications.
Configure Microsoft Office Macro Settings
Configure Microsoft Office macro settings to block macros from the Internet, and only allow vetted macros either in 'trusted locations' with limited write access or digitally signed with a trusted certificate.
User Application Hardening
Configure web browsers to block Flash (ideally uninstall it), ads and Java on the Internet. Disable unneeded features in Microsoft Office (e.g. OLE), web browsers and PDF viewers.
Restrict Administrative Privileges
Restrict administrative privileges to operating systems and applications based on user duties. Regularly revalidate the need for privileges. Don't use privileged accounts for reading email and web browsing.
Patch Operating Systems
Patch/mitigate computers (including network devices) with 'extreme risk' vulnerabilities within 48 hours. Use the latest operating system version. Don't use unsupported versions.
Multi-Factor Authentication
Multi-factor authentication including for VPNs, RDP, SSH and other remote access, and for all users when they perform a privileged action or access an important (sensitive/high-availability) data repository.
Daily Backups
Daily backups of important new/changed data, software and configuration settings, stored disconnected, retained for at least three months. Test restoration initially, annually and when IT infrastructure changes.