ASD: Essential Eight

The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help technical cyber security professionals mitigate cyber security incidents.   

The “Essential Eight” mitigation strategies incorporates the Top 4 mitigations.  Correct implementation of these eight mitigations provides a cyber security baseline for organisations.  

Find out more about the ASD Essential Eight: Download PDF (265 KB)

The Essential Eight

To prevent malware running

  1. 1) Application whitelisting

A whitelist only allows selected software applications to run on computers.

  1. 2) Disable untrusted Microsoft Office macros

Microsoft Office applications can use software known as 'macros' to automate routine tasks.

  1. 3) Patch applications

A patch fixes security vulnerabilities in software applications.

  1. 4) User application hardening

Block web broser access to Adobe Flash Player (uninstall if possible), web ads and untrasted Java code on the Internet.

To limit the extent of incidents and recover data

  1. 5) Restrict administrative privileges

Only use administrator privileges for managing systems, installing legitimate software and applying software patches. These should be restricted to only those that need them.

  1. 6) Multi-factor authentication

This is when a user is only granted access after successfully presenting multiple, separate pieces of evidence. Typically something you know, like a passphrase; something you have, like a physical token; and/or something you are, like biometric data.

  1. 7) Patch operating systems

A patch fixes security vulnerabilities in operating systems.

  1. 8) Daily backup of important data

Regularly back up all data and store it securely offline.


For further information, visit the Australian Signals Directorate (ASD) website: ASD Essential Eight