Important Changes to the Essential 8 Maturity Model (E8MM)

21/03/2024 by admin

The Australian Signals Directorate (ASD), operating through its Australian Cyber Security Centre (ACSC), has recently implemented substantial revisions to the Essential 8 Maturity Model (E8MM).

These updates, applicable across all tiers of the Maturity Model, place a strong emphasis on various cybersecurity measures including patching, multi-factor authentication (MFA), administration privileges, application control, and incident protection and response.

The primary course of action stemming from these changes involves evaluating your organization’s existing cybersecurity maturity against the updated benchmarks and incorporating these modifications to ensure optimal defence mechanisms for your enterprise.

Understanding Implications of Updates Across Respective Maturity Levels

1) Patching

In response to an ASD evaluation concerning the average time taken by malicious actors to exploit vulnerabilities, the patching updates now mandate organizations to address critical vulnerabilities within 48 hours. This adjustment affects Maturity Levels 1, 2, and 3. Moreover, ASD has provided guidance on prioritising patching, particularly emphasizing applications that routinely interact with untrusted internet content.

2) Multi-factor Authentication (MFA)

MFA has undergone scrutiny, particularly at Maturity Level 1 where the specification of authentication factors was lacking. Additionally, some organizations were permitted to bypass MFA and utilise weak password-based authentication methods. To rectify these issues, the updated standards now require a minimum standard of MFA, incorporating both ‘something users have’ and ‘something users know’, enhancing security against weak authentication methods.

Furthermore, users across all Maturity Levels are mandated to authenticate to their workstations using phishing-resistant MFA.

3) Restriction of Administrative Privileges

The requirements for administration privileges have been broadened to encompass various activities, including granting, controlling, and revoking privileged access to systems and applications. Additional measures include preventing internet access by privileged accounts and ensuring stringent credential management. These changes impact Levels 1 to 3.

4) Application Control

To counter the rising use of legitimate system tools for malicious purposes, updates in application control focus on annual reviews of control rulesets and the implementation of Microsoft’s application blocklist at lower maturity levels (Level 2).

5) Microsoft Office Macros

The requirement to collect and analyse macro execution events has been removed due to limited benefits and implementation challenges.

A new requirement enforces the use of newer, more secure V3 digital signatures for macros to mitigate tampering vulnerabilities.

6) User Application Hardening

With the discontinuation of support for Internet Explorer 11, organisations are urged to disable or uninstall it. Furthermore, there are requirements to implement both ASD and vendor hardening guidance, with precedence given to the more stringent requirements. Additionally, there are amendments to PowerShell logging requirements to enhance efficiency.

7) Regular Backups

While there are no significant changes to backup requirements, organizations are encouraged to prioritise backups based on the criticality of their data.

8) Cross-cutting Measures

A new requirement for centralising event log collection, protection, and analysis aims to enhance detection capabilities, particularly for stealthy attacks.

The updates to the Essential Eight Maturity Model signify a proactive approach towards bolstering cybersecurity resilience across organisations at varying maturity levels. By aligning compliance efforts with CSR objectives and these revised standards, organisations can not only meet legal obligations but also contribute positively to society. They can enhance their resilience against evolving cyber threats and ensure the protection of critical assets.

Organisations need to understand these updates thoroughly and implement them effectively to mitigate cyber risks and ensure a secure digital environment.

Anitech’s experienced cybersecurity consultants can help businesses understand and implement these newly introduced changes.

Feel free to contact us at 1300 802 163 or e-mail – sales@anitechgroup.com.

