Within these guidelines, there are eight mitigation strategies they perceive as the most effective in protecting Microsoft Windows-based, internet- connected networks. These are known as the Essential Eight.

First published in June 2017 and updated regularly, the ACSC states the Essential Eight Maturity Model is based on their “experience in producing cyber threat intelligence, responding to cyber security incidents, conducting penetration testing and assisting organisations to implement the Essential Eight”.

It is important to note that whilst the eight mitigation strategies could be applied to securing cloud services, enterprise mobility and other operating systems, alternative mitigation strategies may be more appropriate.

What are the eight mitigation strategies?
  1. Application Control - Prevent execution of unapproved/malicious programs in applications
  2. Patch Applications - Mitigate applications with security vulnerabilities
  3. Configure Microsoft Office macro settings - Mitigate risk of malicious code in Microsoft Office macros
  4. User Application Hardening - Disable the unnecessary or high-risk functions in Microsoft Office, web browsers and PDF viewers
  5. Restrict Administrative Privileges - Secure access to operating systems and applications based on user duties
  6. Patch Operating Systems - Mitigate operating systems (Windows, macOS and Linux) with security vulnerabilities
  7. Multi-factor Authentication - Implement authentication that requires two or more authentication factors