This article has been indexed from The Duo Blog
Four years ago, the Australian Signals Directorate created the “Essential Eight” — recommendations to secure federal entities and improve cybersecurity protections. This month, the Attorney General’s Department announced plans to extend the protective security policy framework (PSPF) to require implementation and audit of all eight areas. This change reflects a movement we’re seeing in governments worldwide to be more assertive in improving government agency security.
The Australian Essential Eight identifies eight areas of focus for non-Corporate Commonwealth Entities (NCCEs) to improve their security. The eight areas are:
- Application Control
- Patch Applications
- Configure Microsoft Office Macro Settings
- User Application Hardening
- Restrict Administrative Privileges
- Patch Operating Systems
- Multi Factor Authentication
- Daily Backups
Each area comes with guidance to improve maturity of the area. So far, NCCEs appear to be struggling to implement the first four, but the Attorney General’s office intends to move forward with the recommendation to mandate implementation of all eight areas.
The Australian government’s plans to double down on cybersecurity for its own departments came at the same time President Biden issued an Executive Order on Improving US Cybersecurity aimed at improving efforts to “identify, deter, protect against, detect, and respond to these actions and actors.”
Though broader in scope than the Australian Essential Eight, and specifically targeted at improving supply chain security, there are areas of overlap that should be noted:
- Requirement for Zero Trust Architecture
- Requiring use of Multi-Factor Authentication
- Requiring use of Encryption at Rest and in Transit
- Use of trusted source code from vendors, including a Software Bill of Materials (SBOM)
- Standardizing incident response processes across all agencies
- Use of Endpoint Detection and Response (EDR) capabilities
Both governments recognize the need for their own agencies to improve their cyber defenses, as well as their depend
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: Securing Government Agencies: Essential Eight and Other Efforts