What are the Essential Eight

The Australian Signals Directorate’s Essential Eight Strategies to Mitigate Cyber Security Incidents was developed as a prioritised baseline to assist organisations in protecting their systems against a range of cyber threats.

Notably, the Essential Eight is just a starting point and is not exhaustive. Organisations should conduct regular risk assessments and adopt additional strategies based on their specific threat environment.

For government entities covered by the Protective Security Policy Framework (PSPF), Policy 10: Safeguarding data from cyber threats specifies that in addition to implementing the Essential Eight, entities should:

“[consider] which of the remaining mitigation strategies from the Strategies to Mitigate Cyber Security Incidents need to be implemented to achieve an acceptable level of residual risk for their entity.”

Over the coming months, I’ll endeavour to produce more detailed explainers demonstrating why each of the Essential Eight is important, and focusing on how the controls are assessed.

The table below lists the Essential Eight, the typical exploits each strategy helps protect against and a brief example.

Essential Eight Strategies

1. Application Control

2. Patch Applications

3. Configure Microsoft Office macro settings

4. User Application Hardening

5. Restrict Administrative Privileges

6. Patch Operating Systems

7. Multi-Factor Authentication

8. Daily Backups