Achieve Faster Essential Eight Compliance

Whether you're uplifting your security posture or delivering a cyber security mandate for your organisation, Assertiv Consulting is able to expertly guide you through the Essential Eight to meet your cyber security goals.

Arrange an assessment and see how we can help you achieve faster compliance.

GET STARTED

About Us

Assertiv Consulting is an Australian based IT Security Consulting and Managed Services provider. We specialise in designing, building and maintaining Identity security solutions for companies striving to embrace a “least privilege” approach to cyber security. Utilising our cyber security expertise and our focus on Identity related solutions, Assertiv Consulting is uniquely positioned to assist companies seeking to comply with Essential Eight mitigation strategies.

If you have an immediate requirement to comply with the Essential Eight, reach out today and discover how we can help you quickly achieve continuous compliance through our Essential Eight Compliance Accelerator.

GET STARTED

What is the ACSC Essential Eight?

The Australian Cyber Security Centre (ACSC) introduced Essential Eight in 2017 as cybersecurity guidance to provide a set of mitigation strategies and defensive measures against threats affecting Australian organisations.

The Essential Eight measures are designed to prevent and contain cyberthreats like malware, phishing, ransomware, and data breaches. Implementing Essential Eight security measures is much less expensive than dealing with the consequences of a cyberattack.

GET STARTED

Essential Eight Controls

1. Application Control

Basic protection rules should be implemented so that users can access devices and systems in a controlled and protected manner.

2. Patch Applications

Organisations must monitor employees’ tools daily to detect vulnerabilities so that patches can be implemented.

3. Microsoft Office Macros

Organisations should disable Microsoft Office macros for users that don’t have a business requirement. Macros’ security settings cannot be changed by users.

4. User Application Hardening

Organisations should restrict web browsers from processing Java and web advertisements on the internet.

5. Restrict Admin Privileges

This control requires organisations to identify privileged users and establish policies defining their access to IT systems.

6. Patch Operating Systems

Organisations must ensure that patches, updates, or vendor mitigations for security vulnerabilities are updated regularly or within a specific time frame.

7. Multi-Factor Authentication

Organisations to use Multi-factor Authentication (MFA) when users authenticate to their organisation’s internet-facing services or authenticate to third-party internet-facing services that process, store, or communicate their organisation’s data.

8. Regular Backups

Organisations perform and retain backups and test them as part of a disaster recovery plan. Unprivileged users can access backups but can’t modify or delete them.

Essential Eight Maturity Model

The ACSC has created the Essential Eight Maturity Model to assist organisations in assessing how well they are implementing the mitigation strategies. The Essential Eight Maturity Model has four levels of maturity:

Level 0

At this level, organisations exhibit weaknesses in their cybersecurity posture that can be exploited by threat actors using common tools and methods.

Level 1

Organisations at this level have basic protections in place that help prevent cyber criminals and other threat actors, using common tools and methods, to break into systems.

Level 2

Organisations that achieve this level of maturity have strategies in place to mitigate a variety of sophisticated security attacks that seek to exploit elevated user privileges and other potential weaknesses such as credential harvesting.

Level 3

The highest level of maturity: these organisations implement a range of tools such as specific application controls, workstation logging and monitoring to ensure anomalous activity can be quickly detected and investigated and they undertake rapid patching of known vulnerabilities.

Essential Eight

Compliance Accelerator

The Essential Eight Compliance Accelerator combines a series of consulting engagements, specific toolsets and service offerings to assist organisations to achieve an initial level of Essential Eight compliance. Over time, as organisational processes continue to mature, we help you achieve continuous compliance and increased maturity levels via ongoing assessments and remediation.

The first step in achieving Essential Eight compliance is to perform a baseline assessment to determine any areas of non-compliance and remediation. Assertiv Consulting’s Essential Eight Assessment includes the following activities and deliverables:

• Discovery review and workshops
  
• Gap Analysis against the Essential Eight controls
  
• Compliance assessment correlated with maturity levels
  
• Compliance report detailing maturity level per control
  
• Remediation options to achieve Level 1 maturity compliance or higher
• Your roadmap to achieve Essential Eight compliance
• Recommendations and next steps

Start your Essential Eight project now

If you have a mandate to achieve Essential Eight compliance, kick start your project today. Our team is ready to start planning your project and achieve faster compliance using the Assertiv Consulting Essential Eight Compliance Accelerator.

GET STARTED

Want to get in touch sooner? Give us a call on 1300 181 171