Updates to the ACSC Essential Eight Maturity Model
Earlier this month the Australian Cyber Security Centre (ACSC) released an update to the Essential Eight Maturity Model (E8).
The E8 is a prioritised extract of key cyber security strategies from the Australian Government’s Information Security Manual (ISM) that, as a collective, have been shown to significantly increase the difficulty that adversaries would face when attempting to compromise a network.
These strategies include:
- Mitigating known application whitelisting bypass techniques;
- Raising the bar for less mature implementations of application whitelisting;
- Expanding the scope of application whitelisting to servers as well as workstations;
- Effectively patching vulnerabilities in applications and operating systems;
- Hardening systems and applications to mitigate users modifying settings that result in vulnerabilities;
- Correctly identifying less mature approaches to testing restoration of backups; and
- Increasing the frequency of testing restoration of backups.
More detail on this update can be found here.
Maintaining our commitment to ‘Making The World A Safer Place’, I wanted to let you know of the recent changes that we at CQR thought may be of interest to your organisation.
- An amendment to Maturity Level 3 now requires “Microsoft’s latest recommended block rules are implemented to prevent application whitelisting bypasses.”
- For restoration testing, a full restoration test is no longer required for Maturity Level 1; instead, partial testing at least annually is required.
These changes may or may not affect your business – but should you wish to further understand the possible effects they may have, or would like some reassurance as to the effectiveness of your practices, CQR would be happy to arrange a time to visit your office to discuss.
For more information, contact us directly here.