Do you need to comply with the ACSC Essential 8?
Measure your Essential 8 Maturity and security control effectiveness with Huntsman Security’s Essential 8 Monitoring tools; a simple way to improve your compliance and provide fast, accurate reporting to all key stakeholders.
The Australian Cyber Security Centre’s ACSC Essential 8 risk management framework is a prioritised list of eight mitigation strategies (security controls) organisations can implement to protect their systems against a range of adversaries. The Australian Signals Directorate (ASD) found that when operating effectively, the Essential 8 mitigates 85% of targeted cyber-attacks.
Why should your organisation implement the security controls?
Federal Government Mandatory Requirements
The Essential 8 was published in February 2017; Australian Federal Government had previously mandated the Top 4 of these mitigation strategies for federal government departments back in 2014. The Top 4 are also mandated by the Attorney-General’s Department’s Protective Security Policy Framework (PSPF). The Australian Signals Directorate considers the Essential 8 to be the most effective cyber resilience ‘baseline’ for all organisations.
The December 2019 release of the Australian Government Information Security Manual (ISM) states that organisations should:
- Assess security controls for the system and its environment to determine if they have been implemented correctly and are operating as intended.
- Monitor the system, and associated cyber threats, security risks and security controls, on an ongoing basis.
The ACSC Essential 8 complements the advice in the ISM.
NSW Government Mandatory Requirements
The current NSW Government Cyber Security Policy became effective in February 2019. The policy (section 1.5) requires, by 31 August each year, that each department submits a report detailing a maturity assessment against the ACSC Essential 8.
How can your organisation measure its compliance to the ACSC Essential 8?
Whether your operation sits within either a federal or NSW state government organisation you will require monitoring and reporting to assess your current status and ongoing compliance posture against the Essential 8 risk mitigation strategies.
Huntsman Security’s Essential 8 reporting and compliance solutions, Essential 8 Auditor and Essential 8 Scorecard continuously collect and analyse events from your infrastructure, systems, services and applications to deliver measurement against the ACSC Essential 8 risk mitigation strategies.
Essential 8 Auditor
The Essential 8 Auditor executes as cyber risk audit. The product delivers an immediate view of an organisation’s security control effectiveness against the Essential 8. No onsite engineering is required to install the product.
Essential 8 Scorecard
The Essential 8 Scorecard provides continuous cyber risk measurement by monitoring and reporting on an organisation’s ongoing security control effectiveness either directly or via your IRM platform.
Why customers use Huntsman Security technology for ACSC Essential 8 monitoring?
Flexibility and Visibility
- Provides an immediate view of your security control effectiveness
- Operates across cloud, on-premise or hybrid environments
- Accurate and continuous view of compliance
- Reliable metrics for governance review
Improves effectiveness of resources
- Removes unknown of compliance self-assessment and reporting
- Instantly identifies non-compliance for remediation
- Saves time, cost and money when compared to a breach
Positions cyber security as a strategic priority
- E8 mitigation strategies recommended for adoption by all Government
- E8 monitoring critical to enhancing cyber posture and security awareness
- E8 is key to defence and resilience that support on-going government service and operations
Want to find out more?
Download our Essential 8 Risk & Compliance Guide to discover how to measure the effectiveness of your organisation’s security controls.