The Australian Signals Directorate Essential 8
Implementing a foundational cybersecurity framework to protect Australian organisations from modern Cyber Threats
Overview
What is the ASD Essential 8?
The Essential 8 is a prioritised list of mitigation strategies released by the Australian Signals Directorate to assist organisations in protecting their systems against a range of adversaries
Solutions
What are the 8 Key Pillars?
Application Control
Prevent execution of unapproved/malicious programs including .exe, DLL, scripts (e.g. Windows Script Host, PowerShell and HTA) and installers
Microsoft Office Macros
Block macros from the internet, and only allow vetted macros either in ‘trusted locations’ with limited write access or digitally signed with a trusted certificate.
Application Patching
e.g. Flash, web browsers, Microsoft Office, Java and PDF viewers. Patch/mitigate computers with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest version of applications.
User Application Hardening
Configure web browsers to block Flash (ideally uninstall it), ads and Java on the internet. Disable unneeded features in Microsoft Office (e.g. OLE), web browsers and PDF viewers
Administrative Privileges
Operating systems and applications based permissions on user duties. Regularly revalidate the need for privileges. Don’t use privileged accounts for reading email and web browsing.
Operating System Patching
Patch/mitigate computers (including network devices) with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest operating system version. Don't use unsupported versions.
Multifactor Authentication
Including for VPNs, RDP, SSH and other remote access, and for all users when they perform a privileged action or access an important (sensitive/high-availability) data repository
Daily Backups
Important new/changed data, software and configuration settings, stored disconnected, retained for at least three months. Test restoration initially, annually and when IT infrastructure changes
Features
The Essential 8 Solution
Vektor Cybersecurity can leverage the latest technology and services to Audit, Report, Recommend or implement an ASD Essential 8 compliance strategy for your organisation. Our QUANTEX™ Secure platform is Essential 8 Compliant and will enhance your organisational security posture – QUANTEX™ Insight, QUANTEX™ Core and QUANTEX™ Culture, Identity and Continuity.
How secure is your cyber security framework?
Don’t guess.
Let’s complete a penetration test to find out.