The federal government has rejected a recommendation to make the Australia Signals Directorate’s “baseline” Essential Eight cyber mitigation strategies mandatory.
Earlier this month the government quietly tabled its response to an 18-month old Joint Committee of Public Accounts and Audit report on cyber resilience.
Among other recommendations, the bipartisan committee suggested that the ASD Essential Eight cyber security strategies be made mandatory for all departments and agencies.
“The Committee views the implementation of the Essential Eight by all government entities as a matter of best practice and critical to enhancing the Commonwealth’s cyber posture as a whole,” the report said.
The Essential Eight is meant to be a baseline checklist of basic steps agencies can take to shore up their cyber resilience and make it “much harder for adversaries to compromise systems”.
“Implementing the Essential Eight proactively can be more cost-effective in terms of time, money and effort than having to respond to a large-scale cybersecurity incident,” the Australian Cyber Security Centre said.
The Essential Eight includes application white-listing, patching…
