Do you need to comply with the ACSC Essential 8?
The cyber threat landscape is becoming busier and more sophisticated every day. Maintaining a robust set of security controls is critical in defending your organisation.
The Australian Cyber Security Centre’s ACSC Essential 8 mitigation strategies is a prioritised list of security controls organisations can implement to protect their systems against a range of adversaries. The Australian Signals Directorate (ASD) found that when operating effectively, the Essential 8 mitigates 85% of targeted cyber-attacks.
Why should your organisation implement the security controls?
Federal Government Mandatory Requirements
The Essential 8 was published in February 2017; Australian Federal Government had previously mandated the Top 4 of these mitigation strategies for federal government departments back in 2014. The Top 4 are also mandated by the Attorney-General’s Department’s Protective Security Policy Framework (PSPF). The Australian Signals Directorate considers the Essential 8 to be the most effective cyber resilience ‘baseline’ for all organisations.
The July 2019 release of the Australian Government Information Security Manual (ISM) states that organisations should:
- Assess security controls for the system and its environment to determine if they have been implemented correctly and are operating as intended.
- At the conclusion of any security assessment, produce a security assessment report outlining the effectiveness of the implementation of security controls, the system’s strengths and weaknesses, any recommended remediation activities, and an assessment of security risks associated with the operation of the system.
The ACSC Essential 8 complements the advice in the ISM.
NSW Government Mandatory Requirements
The current NSW Government Cyber Security Policy became effective in February 2019. The policy (section 1.5) requires, by 31 August each year, that each department submits a report detailing a maturity assessment against the ACSC Essential 8.
How can your organisation measure its compliance to the ACSC Essential 8?
Whether your operation sits within either a federal or NSW state government organisation you will require monitoring and reporting to assess your current status and ongoing compliance posture against the Essential 8 risk mitigation strategies.
Huntsman Security’s Essential 8 reporting and compliance solutions, Essential 8 Auditor and Essential 8 Scorecard continuously collect and analyse events from your infrastructure, systems, services and applications to deliver measurement against the ACSC Essential 8 risk mitigation strategies.
Essential 8 Auditor
The Essential 8 Auditor executes as cyber risk audit. The product delivers an immediate view of an organisation’s security control effectiveness against the Essential 8.
Essential 8 Scorecard
The Essential 8 Scorecard provides continuous cyber risk measurement by monitoring and reporting on an organisation’s ongoing security control effectiveness. 
Why customers use Huntsman Security technology for ACSC Essential 8 monitoring?
Flexibility and Visibility
- Provides an immediate view of your security control effectiveness
- Operates across cloud, on-premise or hybrid environments
- Accurate and continuous view of compliance
- Reliable metrics for governance review
Improves effectiveness of resources
- Removes unknown of compliance self-assessment and reporting
- Instantly identifies non-compliance for remediation
- Saves time, cost and money when compared to a breach
Positions cyber security as a strategic priority
- E8 mitigation strategies recommended for adoption by all Government
- E8 monitoring critical to enhancing cyber posture and security awareness
- E8 is key to defence and resilience that support on-going government service and operations
Want to find out more?
Download our Essential 8 Risk & Compliance Guide to discover how to measure the effectiveness of your organisation’s security controls.
Download the Risk & Compliance Guide
Download Essential 8 Case Study
