ACSC Essential 8 Compliance Monitoring

ASD and ACSC Essential 8 compliance solution

Identify your ACSC Essential 8 compliance and maturity

 

Measure your ACSC Essential 8 compliance.  Huntsman Security’s Essential 8 Monitoring tools accurately measures security control effectiveness and maturity levels against the Essential 8 Maturity Model ; a  fast, simple way to improve compliance, provide visibility and share reports with all key stakeholders.

 

An image showing how Huntsman Security solutions provide accurate measurement of ACSC Essential 8 compliance

Essential 8 Auditor – Security Control Summary Dashboard

 

The Australian Cyber Security Centre’s ACSC  Essential 8  risk management framework is a prioritised list of eight mitigation strategies  (security controls) organisations can implement to protect their systems against a range of adversaries. The Australian Signals Directorate (ASD) found that when operating effectively, the Essential 8 mitigates 85% of targeted cyber-attacks.

 

ACSC Essential Eight Security Controls

Download the Essential 8 Risk & Compliance Guide

 

Why should your organisation implement the security controls?

 

Federal Government Mandatory Requirements

The  Essential 8 was published in February 2017; Australian Federal Government had previously mandated the Top 4 of these mitigation strategies for federal government departments back in 2014.  The Top 4 are also mandated by the Attorney-General’s Department’s Protective Security Policy Framework (PSPF).  The Australian Signals Directorate considers the Essential 8 to be the most effective cyber resilience ‘baseline’ for all organisations.

The December 2019 release of the Australian Government Information Security Manual (ISM) states that organisations should:

  • Assess security controls for the system and its environment to determine if they have been implemented correctly and are operating as intended.
  • Monitor the system, and associated cyber threats, security risks and security controls, on an ongoing basis.

The ACSC Essential 8 complements the advice in the ISM. The ACSC Advisory 2020-008  states that  two of the Essential Eight controls which, if implemented, would have greatly reduced the risk of compromise by the identified TTPs.

 

NSW Government Mandatory Requirements

The current NSW Government Cyber Security Policy became effective in February 2019.  The policy (section 1.5) requires, by 31 August each year, that each department submits a report detailing a maturity assessment against the ACSC Essential 8.

 

How to measure your organisation’s compliance to the ACSC Essential 8?

Whether your  operation sits within either a federal or NSW state government organisation you will require monitoring and reporting to assess your  current status and ongoing compliance posture against the Essential 8 risk mitigation strategies.

Huntsman Security’s Essential 8 reporting and compliance solutions, Essential 8 Auditor and Essential 8 Scorecard continuously collect and analyse events from your infrastructure, systems, services and applications to deliver measurement against the ACSC Essential 8 risk mitigation strategies.

 

Essential 8 Auditor

The Essential 8 Auditor executes as cyber risk audit.  The product delivers an immediate view of an organisation’s security control effectiveness against the Essential 8. No onsite engineering is required to install the product.

Essential 8 Auditor product provides an instant view of security control effectiveness

Discover more on the Essential 8 Auditor  web page

Essential 8 Scorecard

The Essential 8 Scorecard provides continuous cyber risk measurement by monitoring and reporting on an organisation’s ongoing security control effectiveness either directly or via your IRM platform.

Australian Technology Competition Winner 2019

Essential 8 Scorecard product continuously measures essential 8 security control effectiveness

 Discover more on the Essential 8 Scorecard web page

 

Why customers use Huntsman Security technology for ACSC Essential 8 monitoring

 

Flexibility and Visibility

  • Provides an immediate view of your security control effectiveness
  • Operates across cloud, on-premise or hybrid environments
  • Accurate and continuous view of compliance
  • Reliable metrics for governance review

Improves effectiveness of resources

  • Removes unknown of compliance self-assessment and reporting
  • Instantly identifies non-compliance for remediation
  • Saves time, cost and money when compared to a breach

Positions cyber security as a strategic priority

  • E8 mitigation strategies recommended for adoption by all Government
  • E8 monitoring critical to enhancing cyber posture and security awareness
  • E8 is key to defence and resilience that support on-going government service and operations

 

Want to find out more?

Download our Essential 8 Risk & Compliance Guide to discover how to measure the effectiveness of  your organisation’s security controls.

Download the Risk & Compliance Guide

Download Essential 8 Case Study