Essential 8 Audit is an audit conducted to test the Australian Companies against the 8 strategies recommended by the Australian Cyber Security Centre (ACSC). ACSC is the lead agency of the Australian Government overlooking cyber security. The 8 essential strategies contains mitigation as well as prevention measures for companies to protect themselves from cyber attacks. Since the recommendations are baselines and will not mitigate all the cyber threats, the organizations are suggested to add additional measures to further strengthen their cyber security postures. The Essential Eight by the ACSC is licensed under a Creative Commons Attribution 4.0 International License and copyright information can be found at ACSC | Copyright. © Commonwealth of Australia 2022.
As companies, complying with the Essential 8 audit will familiarize the company to the Essential Eight standard framework. The framework consists of collection of controls with their detailed description as well as the methods to test the controls. These controls are grouped into sets. The company can also consume these frameworks by customizing it to their requirement and environment. Using this, they can create processes which supports security and governance and also collect the evidences required in the preparation process.
The strategies covered in the essential 8 are as follows:
i) Patch applications
ii) Application control
iii) Configure Microsoft Office macro settings
iv) User application hardening
v) Restrict administrative privileges
vi) Patch operating systems
vii) Multi-factor authentication
viii) and regular backups.
Essential
Compliance to the essential 8 will ensure that organizations have covered the basic security requirements. The crux of organizational security, after all, lies in ensuring basic steps are covered.