Updates to ASD Essential Eight

Tony Coe

The ASD Essential Eight framework underwent significant updates in November 2023. These changes reflect the rapidly evolving cybersecurity landscape and introduce more stringent and targeted measures.

MFA - There have been increases in the application and strength of Multi-Factor Authentication (MFA) across the lower maturity levels.
 
Application Hardening - Additional measures have been adopted at lower maturity levels, with other requirements applied more stringently, meaning stricter configurations for users to protect endpoints.

Application Control - Adaptive security strategies now focus on performing annual reviews of application control rulesets and implementing Microsoft’s recommended application blocklist, even at lower maturity levels.
 
Application and OS patching - Patching strategies have been rebalanced to priorities applications that need patching the most while being more lenient on others.

Restriction of administrative privileges has undergone a welcome change that allows for the use of privileged accounts to access the internet in a limited matter to administer cloud-based services. Such accounts need to be explicitly identified and strictly limited.
 
Backups - Organisations are now encouraged to consider the business impact of their backups, not just the criticality of their data.
 
Microsoft Office Macros - A new requirement has been added to enforce the use of newer, and more secure, V3 digital signatures for macros.

Talk to Exigence about the ASD Essential Eight!

For organisations, this means adopting a more nuanced and responsive approach to cyber defence, one that evolves in tandem with the threat landscape. To learn more, we invite you to engage with our team for further information.

Contact Exigence