Essential Eight
ACSC Essential Eight
Eight prioritised mitigation strategies that the Australian Cyber Security Centre considers the most effective baseline against common attacks. Assessed by maturity level rather than all-or-nothing.
Who it applies to
Recommended for all Australian organisations and mandatory for non-corporate Commonwealth entities. A pragmatic baseline measured on maturity levels ML1 to ML3.
Mitigation strategies
- E8-1 Patch applications (10 mapped)
Patch or mitigate application vulnerabilities, prioritising internet-facing services.
- E8-2 Patch operating systems (10 mapped)
Patch or mitigate operating-system vulnerabilities within defined timeframes.
- E8-3 Multi-factor authentication (16 mapped)
Enforce multi-factor authentication for users, remote access and privileged actions.
- E8-4 Restrict administrative privileges (16 mapped)
Restrict, validate and regularly revalidate administrative privileges.
- E8-5 Application control (10 mapped)
Allow only approved applications to execute.
- E8-6 Restrict Microsoft Office macros (10 mapped)
Disable or restrict macros, allowing only vetted ones from trusted locations.
- E8-7 User application hardening (10 mapped)
Harden user applications such as browsers, disabling unneeded features like Flash, ads and Java.
- E8-8 Regular backups (6 mapped)
Perform and test regular backups of important data, software and configuration settings.