Essential Eight Maturity Model - Level One
First level of the Australian Signals Directorate's Essential Eight cybersecurity framework for businesses.
Source: Australian Cyber Security Centre
Application Control
- Prevent execution of unapproved programs on workstations
Use application whitelisting to allow only approved software
Patch Applications
- Patch applications within two weeks of release
Apply security patches to applications like web browsers, Microsoft Office, Java
Configure Microsoft Office Macros
- Block macros from the internet
Disable macros in files downloaded from the internet
User Application Hardening
- Configure web browsers to block Flash and ads
Disable Flash, Java, and configure ad blocking
Restrict Admin Privileges
- Restrict administrative privileges to users that need them
Don't give admin access to regular users
Patch Operating Systems
- Patch operating systems within two weeks
Keep Windows, macOS, and Linux systems up to date
Multi-Factor Authentication
- MFA for all users when accessing internet-facing services
Require MFA for email, VPN, cloud services
Regular Backups
- Perform regular backups of important data
Backup at least weekly and test restoration
Want this as a printable pack? Grab all our checklists and bring your questions to the free weekly call.
Get the pack + the free call