How to make your Essential Eight program a springboard to Zero Trust

The ACSC’s Essential Eight has long been held up as a simple and practical set of priority controls that helps organisations defend themselves against common attack tactics. It includes strategies such as application allowlisting, OS and application patching, blocking macros, user application hardening, restricting admin privileges, multi-factor authentication and daily backups. While it has long been recommended, the Essential Eight will soon be mandated for public sector entities as part of planned changes by the Government to the Protective Security Policy Framework (PSPF).

This whitepaper sets out to explore approaches to complying with Essential Eight that best support the transition to a Zero Trust future.

Zero Trust, in which users and devices are continuously validated and verified before access to resources is granted, has emerged as the answer to contemporary security challenges posed by widespread uptake of mobile and cloud technologies.

Identity and access is arguably at the core of Zero Trust. This makes the deployment of multi-factor authentication – as required under the Essential Eight – both a logical place and foundational step for Australian organisations in their Zero Trust journey.