Macquarie Government Toggle Search

Home Essential 8 Restricting administrative privileges

MacGov Cyber Security hub support

Essential 8 - Restricting administrative privileges.

Malicious actors often use malicious code (also known as malware) to exploit vulnerabilities in workstations and servers. Restricting administrative privileges makes it more difficult for malicious actors to elevate privileges, spread to other hosts, hide their existence, persist after reboot, obtain sensitive data or resist removal efforts.

An environment where administrative privileges are restricted is more stable, predictable, and easier to administer and support, as fewer users can make significant changes to their operating environment, either intentionally or unintentionally.

Essential 8 Maturity Level 2 Controls and our Solution.

Privileged accounts (excluding those explicitly authorised to access online services) are prevented from accessing the internet, email, and web services.

E8-SASE-pic

Privileged account and group management events are centrally logged.

Event logs are protected from unauthorised modification and deletion.

Event logs from internet-facing servers are analysed in a timely manner to detect cyber security events.

Cyber security events are analysed in a timely manner to identify cyber security incidents.

Cyber security incidents are reported to the Chief Information Security Officer, or one of their delegates, as soon as possible after they occur or are discovered.

Cyber security incidents are reported to ASD as soon as possible after they occur or are discovered.

Following the identification of a cyber security incident, the cyber security incident response plan is enacted.

E8 soc as a service

Cyber security events are analysed in a timely manner to identify cyber security incidents.

Cyber security incidents are reported to the Chief Information Security Officer, or one of their delegates, as soon as possible after they occur or are discovered.

Cyber security incidents are reported to ASD as soon as possible after they occur or are discovered.

Following the identification of a cyber security incident, the cyber security incident response plan is enacted.

Requests for privileged access to systems, applications, and data repositories are validated when first requested.

Privileged access to systems, applications, and data repositories is disabled after 12 months unless revalidated.

Privileged access to systems and applications is disabled after 45 days of inactivity.

Privileged users are assigned a dedicated privileged account to be used solely for duties requiring privileged access.

Privileged accounts explicitly authorised to access online services are strictly limited to only what is required for users and services to undertake their duties.

Privileged users use separate privileged and unprivileged operating environments.

Privileged operating environments are not virtualised within unprivileged operating environments.

Unprivileged accounts cannot log on to privileged operating environments.

Privileged accounts (excluding local administrator accounts) cannot log on to unprivileged operating environments.

Administrative activities are conducted through jump servers.

Credentials for break glass accounts, local administrator accounts, and service accounts are long, unique, unpredictable, and managed.

climber image

We get you there and keep you there.

We deliver solutions to meet all of the mandated controls for Essential 8 Maturity Level 2, working hand-in-hand with your IT team. Whether it’s a comprehensive compliance program or closing critical gaps, we have the expertise you need.

We do the heavy lifting.

We’ve created solutions addressing the more difficult aspects of achieving, maintaining and reporting on ML2, reducing the risk on non-compliance. As Essential 8 is further developed and refined, we’ll be there to keep you complaint

weightlifter

Get in touch with our Essential 8 experts now.

We are always here to answer your enquiries.

Call us Enquire online
1800 004 943
Open Live Chat

We'll be in touch with you soon.

Thank you for contacting us. Our specialists will get in touch with you shortly.