Sun. Dec 22nd, 2024

As the cybersecurity division of the Australian Signals Directorate, the ACSC has recently updated the Essential Eight framework to adapt to the evolving landscape of the industry and assist organisations in effectively defending themselves against threat actors.

Through collaboration with industry and government at both domestic and international levels, the ACSC has gained comprehensive insights into the needs of agencies to bolster their defence mechanisms.

The commitment of the Australian Signals Directorate (ASD) to providing contemporary, purposeful, and practical cybersecurity advice is reflected in the annual updates to the Essential Eight Maturity Model (E8MM). This model is specifically designed to aid organisations in safeguarding their internet-connected information technology networks against common cyber threats.

The November 2023 update by the ASD introduces significant changes, particularly impacting maturity levels one, two, and three. Noteworthy adjustments include alterations to the requirements for the 48-hour response time frame for addressing vulnerabilities in online services. This timeframe is now applicable when either vulnerabilities are assessed as critical by vendors or when working exploits exist, as opposed to only when exploits for vulnerabilities exist.

Furthermore, Essential Eight now mandates organisations to conduct weekly scans for critical vulnerabilities and high-risk software, replacing the previous requirement of at least fortnightly scans. The ASD has also implemented changes to multifactor authentication (MFA), specifying that customers of online services dealing with sensitive customer data should no longer have easy opt-out options for MFA.

In addition to these updates, the ASD has introduced changes related to cloud service management and incident detection and response, further strengthening organisations’ cybersecurity posture.

“As malicious actors become more sophisticated, it’s vital for us to adapt to the changing threat environment,” said the ACSC on LinkedIn.

“We have worked closely with government and industry – both domestic and international – to ensure this guidance is contemporary, fit for purpose and practical.

“Make sure you review the updates for your maturity level and implement the recommended security controls to keep your organisation and customers as protected as possible.”

By