Essential 8 Compliance

Trustworthy and Robust Cyber Security Systems to Protect Your Assets.

What is The Essential 8?

The ACSC Essential 8 is a comprehensive set of strategies developed by the Australian Cyber Security Centre (ACSC) to help organisations mitigate cyber threats and enhance their overall security posture.

The intention behind The Essential 8 is to provide a set of practical, achievable, and impactful cybersecurity measures that organisations of all sizes and sectors can implement to protect their critical assets.

The Essential 8 consists of eight mitigation strategies grouped into three categories: Preventing malware delivery and execution, limiting the extent of cyber security incidents, and recovering data and system availability.

The benefits of implementing the Essential 8 are significant. By following these strategies, organisations can reduce their exposure to cyber threats, enhance their incident response capabilities, and protect their critical assets.

ZaheZone can make your business Essential 8 compliant

At ZaheZone, we understand that cybersecurity can be a complex process to navigate. Our team can provide tailored support to ensure your business is compliant with the Essential 8 guidelines.

Application Whitelisting

Application whitelisting of approved/trusted programs to prevent the execution of unapproved/malicious programs including .exe, DLL, scripts (e.g. Windows Script Host, PowerShell and HTA) and installers.

Patch Applications

Patch applications e.g. Flash, web browsers, Microsoft Office, Java and PDF viewers. Patch/mitigate computers with 'extreme risk' vulnerabilities within 48 hours. Use the latest version of applications.

Configure Microsoft Office Macro Settings

Configure Microsoft Office macro settings to block macros from the Internet, and only allow vetted macros either in 'trusted locations' with limited white access of digitally signed with a trusted certificate.

User Application Hardening

Configure web browsers to block Flash (ideally uninstall it), ads and Java on Internet. Disable unneeded features in Microsoft Office (e.g. OLE), web browsers and PDF viewers.

Restrict Administrative Privileges

Restrict administrative privileges to operating systems and applications based on user duties. Regularly revalidate the need for privileges. Don't use privileged accounts for reading email and web browsing.

Patch Operating Systems

Patch/mitigate computers (including network devices) with 'extreme risk' vulnerabilities within 48 hours. Use the latest operating system version. Don't use unsupported versions.

Multi-Factor Authentication

Multi-factor authentication including for VPNs, RDP, SSH and other remote access, and for all users when they perform a privileged action or access an important (sensitive/high-availability) data repository.

Daily Backups

Daily backups of important new/changed data, software and configuration settings, stored disconnected, retained for at least three months. Test restoration initially, annually and when IT infrastructure changes.

Reach out to us today for a consultation on how ZaheZone can help you take back control of your cybersecurity.