The Australian Signals Directorate (ASD), through its Australian Cyber Security Centre (ACSC), recommends that all organisations implement its Essential Eight controls for mitigating cyber attacks. The clue is in the name.
But for the Australian government as a whole, not so much.
A whole-of-government response to a long-running parliamentary inquiry, released early this month, merely “notes” the inquiry’s recommendation to mandate the Essential Eight controls for all government agencies, but declines to move beyond “strongly recommending” just four of them.
“The Essential Eight represents ASD’s best advice on the measures an entity can take to mitigate the threat of a cyber incident and manage their risks. However, the government will consider mandating the Essential Eight when cyber security maturity has increased across entities,” the response said.
“The cybersecurity maturity and implementation of the Essential Eight strategies within entities is currently both a compliance and risk management issue for each accountable authority, due to the unique risk environments and operations of…
