ACSCAustralian GovernmentEssential Eight8 Strategies

The Essential Eight: The ultimate defense against Cyber Threats

A government standard guideline to improve the cybersecurity of organisations. Protect your business from cyber threats with the Australian Cyber Security Centre’s Essential Eight. It provides a roadmap for organizations to prioritize their cybersecurity efforts, ensuring focus on the most critical risks. Cianaa supports Australia, New Zealand and Asia Pacific.

8 Strategies at a glance

The Essential Eight

1Application Control
2Patch Applications
3Office Macro Settings
4User Application Hardening
5Restrict Admin Privileges
6Patch Operating Systems
7Multi-Factor Authentication
8Regular Backups
Australian Government

What is the Essential Eight?

The Essential Eight is an Australian cyber security framework comprising eight crucial strategies from the ACSC’s “Strategies to Mitigate Cyber Security Incidents.” Introduced as a baseline cyber resilience model for Australian government and enterprise organisations.

Significantly Improve Security Posture

By implementing the Essential Eight, organizations can significantly improve their overall security posture, reducing their risk of a successful cyber attack.

Cost-Effective Approach

It is a cost-effective approach to cybersecurity, as it focuses on the most critical risks and does not require extensive investment in technology.

National Protection

Implementing best practices from government standards for cybersecurity can help protect citizens, businesses, and the country as a whole from the growing threat of cyberattack.

Roadmap for Prioritization

It provides a roadmap for organizations to prioritize their cybersecurity efforts, ensuring that they are focusing on the most critical risks.

Regulatory Alignment

Many organizations are required to comply with cybersecurity regulations and standards. Essential Eight provides a roadmap to meet these requirements and improve overall posture.

Multi-Framework Alignment

Cianaa integrates a multi-method approach using NZISM, ISO 27001, NIST 800-53 and PCI DSS to guide the audit process.

The 8 strategies

The Essential Eight Strategies

Eight crucial mitigation strategies, ranked for impact on the most common cyber security incidents.

1

Application Control

Ensure only trusted, approved applications can run on systems.

2

Patch Applications

Promptly apply security patches to third-party applications. Critical patch update in 48 hours.

3

Configure Microsoft Office Macro Settings

Disable or restrict macros in Office documents, especially from untrusted sources.

4

User Application Hardening

Harden user applications by turning off or removing risky features that aren’t needed.

5

Restrict Administrative Privileges

Limit admin accounts to only those who truly need them, and use the principle of least privilege.

6

Patch Operating Systems

Keep operating systems (Windows, macOS, Linux) up to date with the latest security patches.

7

Multi-Factor Authentication (MFA)

Require MFA for all users, especially for remote access and privileged accounts.

8

Perform Regular Backups

Perform daily or frequent backups of important data, software and configuration settings. Store backups securely offsite or offline.

Our approach

The Auditor’s Philosophy

1

Scope & Objectives

The auditor works on the scope of the audit, establishes objectives and develops a plan for conducting the audit.

2

Identify Vectors

The auditors identify the people, processes and technologies in scope and identify potential attack vectors using design review and threat assessment.

3

Threat-Driven Method

Considering risks derived from the threat assessment, the auditors devise a robust method to evaluate each control sufficing due diligence.

4

Multi-Method Approach

We integrate a multi-method approach using NZISM, ISO 27001, NIST 800-53 and PCI DSS to guide the audit process. The approach makes the audit rigorous.

5

Control Effectiveness

The auditor looks into the effectiveness of the control to verify its presence to reduce the likelihood of threat and risks.

6

Evidence-Based Conclusion

The auditors collect and collate the evidence from different sources to conclude. The auditors take the necessary step to draw an evidence-based report.

FAQ

Frequently Asked Questions about the Essential Eight

What is the Essential Eight?

The Essential Eight is an Australian cyber security framework comprising eight crucial strategies from the Australian Cyber Security Centre (ACSC) “Strategies to Mitigate Cyber Security Incidents.” It provides a roadmap for organizations to prioritize their cybersecurity efforts on the most critical risks.

What are the eight strategies?

Application Control, Patch Applications, Configure Microsoft Office Macro Settings, User Application Hardening, Restrict Administrative Privileges, Patch Operating Systems, Multi-Factor Authentication (MFA), and Perform Regular Backups.

How does the Essential Eight align with other standards?

Cianaa integrates a multi-method approach using NZISM, ISO 27001, NIST 800-53 and PCI DSS to guide the audit process. This approach makes the audit rigorous and supports compliance across multiple frameworks.

Why implement the Essential Eight?

It significantly improves overall security posture, reduces the risk of successful cyber attack, is cost-effective by focusing on the most critical risks, and provides a roadmap to meet cybersecurity regulatory requirements.

Australian Government Essential Eight

Ready to start your Essential Eight assessment?

ACSC Essential Eight maturity assessment — eight crucial mitigation strategies aligned to NZISM, ISO 27001, NIST 800-53 and PCI DSS. Covered by Cianaa across Australia, New Zealand and Asia Pacific.