
What is this Essential Eight Thing?

Updated: Sep 30, 2023

G'day, here's a little about our Aussie version of NIST, and it is pretty awesome!

The "Essential Eight" Security Standard in Australia, also known as the "Strategies to Mitigate Cyber Security Incidents", is an important initiative of the Australian Cyber Security Centre (ACSC). Its main objective is to strengthen the cybersecurity defenses of government entities and vital infrastructure organisations in Australia. Launched in 2017, the Essential Eight serves as a guide that helps organisations protect their systems and data from cyber threats and attacks.

The Essential Eight comprises eight strategies designed to counter the most common and damaging cybersecurity threats faced by organisations. These strategies are:

1. Application Allowlisting: By creating a list of approved applications and allowing only those to run on systems, we can prevent malicious software from operating.

2. Updating Applications: Regularly updating and fixing software applications to address known vulnerabilities is crucial in reducing the risk of attackers exploiting them.

3. Configuring Microsoft Office Macro Settings: Given that cyber adversaries can manipulate Microsoft Office macros, it is vital to adjust settings to protect against macros originating from untrusted sources.

4. User Application Strengthening: This involves configuring web browsers and email clients to disable potentially risky features, thus narrowing down the attack routes.

5. Limiting Administrative Access: By granting administrative privileges only to those who truly require them, we can discourage unauthorised entry and minimise the impact of potential security breaches.

6. Updating Operating Systems: Similar to strategy 2, this approach emphasises the importance of keeping device operating systems up to date with security patches.

7. Multi-Factor Authentication (MFA): MFA adds an extra layer of security by requiring users to provide multiple verification methods before gaining access to systems and data.

8. Regular Backups: Regular backups safeguard data from ransomware attacks, accidental deletions, and system failures. Having up-to-date backups also ensures business continuity, minimising downtime and data loss.

Also, Securing and Updating Your Web Browsers: It's crucial to ensure that web browsers are up-to-date and configured securely to protect against web-based attacks and harmful content.

We believe that every organisation is a little unique. Therefore, we encourage them to implement these strategies in a way that suits their own risks and challenges. The Essential Eight is not a template but a flexible framework that can be adapted to different scenarios.

In conclusion, the Australian "Essential Eight" Security Standard is a cybersecurity guide developed by the ACSC. It consists of eight core strategies aimed at mitigating cyber threats while enhancing the security posture of government entities and vital infrastructure units. By embracing these strategies, organisations can significantly reduce their cyber vulnerabilities and strengthen their defenses against cyber attacks.

Get in touch with us today. We're available to provide guidance and assistance. Explore how Q10 Systems can help your business achieve compliance with the Essential Eight requirements.

