Essential 8 - Restricting administrative privileges.
Malicious actors often use malicious code (also known as malware) to exploit vulnerabilities in workstations and servers. Restricting administrative privileges makes it more difficult for malicious actors to elevate privileges, spread to other hosts, hide their existence, persist after reboot, obtain sensitive data or resist removal efforts.
An environment where administrative privileges are restricted is more stable, predictable, and easier to administer and support, as fewer users can make significant changes to their operating environment, either intentionally or unintentionally.
Essential 8 Level 2 Controls and our Solution.
Privileged accounts (excluding those explicitly authorised to access online services) are prevented from accessing the internet, email and web services.
Privileged account and group management events are centrally logged.
Event logs are protected from unauthorised modification and deletion.
Event logs from internet-facing servers are analysed in a timely manner to detect cyber security events.
Cyber security events are analysed in a timely manner to identify cyber security incidents.
Cyber security incidents are reported to the Chief Information Security Officer, or one of their delegates, as soon as possible after they occur or are discovered.
Cyber security incidents are reported to ASD as soon as possible after they occur or are discovered.
Following the identification of a cyber security incident, the cyber security incident response plan is enacted.
Requests for privileged access to systems, applications and data repositories are validated when first requested.
Privileged access to systems, applications and data repositories is disabled after 12 months unless revalidated.
Privileged access to systems and applications is disabled after 45 days of inactivity.
Privileged users are assigned a dedicated privileged account to be used solely for duties requiring privileged access.
Privileged accounts explicitly authorised to access online services are strictly limited to only what is required for users and services to undertake their duties.
Privileged users use separate privileged and unprivileged operating environments.
Privileged operating environments are not virtualised within unprivileged operating environments.
Unprivileged accounts cannot logon to privileged operating environments.
Privileged accounts (excluding local administrator accounts) cannot logon to unprivileged operating environments.
Administrative activities are conducted through jump servers.
Credentials for break glass accounts, local administrator accounts and service accounts are long, unique, unpredictable and managed.
We get you there and keep you there.
We deliver solutions to meet all of the mandated controls for Essential 8 Maturity Level 2, working hand-in-hand with your IT team. Whether it’s a comprehensive compliance program or closing critical gaps, we have the expertise you need.
We do the heavy lifting.
We’ve created solutions addressing the more difficult aspects of achieving, maintaining and reporting on ML2, reducing the risk of non-compliance. As Essential 8 is further developed and refined, we’ll be there to keep you compliant.