iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
The Australian Cyber Security Centre (ACSC) has announced an update to the Essential Eight Maturity Model.
Being the cyber wing of the Australian Signals Directorate, the ACSC has updated the Essential Eight to meet the changing nature of the industry and to assist organisations in best defending themselves from threat actors.
It has worked with both industry and government at a domestic and international level to generate the best understanding of what agencies need to defend themselves.
“As the Australian Signals Directorate (ASD) is committed to providing cyber security advice that is contemporary, fit for purpose and practical, the Essential Eight Maturity Model (E8MM) is updated annually,” wrote the ASD.
“In doing so, it is designed to assist organisations in protecting their internet-connected information technology networks against common cyber threats.”
The ASD has introduced a number of changes as part of its November 2023 update. The most significant, affecting maturity levels one, two and three, are changes to the requirements “for 48-hour response time frames for addressing vulnerabilities in online services from being applicable only when exploits for vulnerabilities exist to when either vulnerabilities are assessed as critical by vendors or working exploits exist.”
Additionally, the Essential Eight now requires organisations to scan their systems for critical vulnerabilities and high-risk software at least weekly rather than at least fortnightly.
The ASD also introduced changes to multifactor authentication (MFA), saying that customers of “online customer services that process, store or communicate sensitive customer data” should no longer be able to easily opt out of MFA.
On top of that, the ASD introduced changes to cloud service management and incident detection and response.
“As malicious actors become more sophisticated, it’s vital for us to adapt to the changing threat environment,” said the ACSC on LinkedIn.
“We have worked closely with government and industry – both domestic and international – to ensure this guidance is contemporary, fit for purpose and practical.
“Make sure you review the updates for your maturity level and implement the recommended security controls to keep your organisation and customers as protected as possible.”
The full updated Essential Eight Maturity Model can be found on the ACSC website.
Be the first to hear the latest developments in the cyber industry.
