Essential Eight

Essential Eight compliance regulation

What is the Essential Eight?

The Essential Eight, published in 2017, is an Australian cybersecurity framework developed and maintained by the Australian Signals Directorate (ASD). It was enacted to protect organizations from potential online threats and cyberattacks. The Essential Eight regulations are applicable across a broad spectrum of networks, systems, and applications in the digital world.

The Essential Eight compliance mandates provide a robust cybersecurity strategy for businesses, divided across three primary objectives: prevention of cyberattacks, limiting the impact of cyberattacks, and data recovery and system availability.

What are the Essential Eight Security Controls?

The following are the latest Essential Eight Security Controls:

Preventing cyberattacks

  1. Patch applications
  2. Application control
  3. User application hardening
  4. Restrict Microsoft Office macros

Limiting the impact of cyberattacks

  1. Patch operating systems
  2. Restrict administrative privileges
  3. Multi-factor authentication (MFA)

Data recovery and system availability

  1. Regular backups

What is the Essential Eight Maturity Model?

The ASD has defined four maturity levels, Maturity Level Zero through Maturity Level Three, to help organizations implement the Essential Eight Security Controls systematically. These maturity levels (excluding Maturity Level Zero) provide increasing levels of cyberattack mitigation strategies for organizations to implement based on the perceived levels of attack techniques targeted at them by cybercriminals. Organizations are expected to implement the maturity levels progressively, moving to the next level once the goal of the previous maturity level has been reached.

The following table states the MFA requirements found in each maturity level and how ADSelfService Plus helps your organization comply with them.

MFA: Maturity Level One

| Mitigation strategy description | How ADSelfService Plus helps meet the strategy |
| --- | --- |
| MFA is used to authenticate users to their organization’s online services that process, store, or communicate their organization’s sensitive data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to their organization’s online services that process, store, or communicate their organization’s sensitive data. |
| MFA is used to authenticate users to third-party online services that process, store, or communicate their organization’s sensitive data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to third-party online services that process, store, or communicate their organization’s sensitive data. |
| MFA (where available) is used to authenticate users to third-party online services that process, store, or communicate their organization’s non-sensitive data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to third-party online services that process, store, or communicate their organization’s non-sensitive data. |
| MFA is used to authenticate users to their organization’s online customer services that process, store, or communicate their organization’s sensitive customer data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to their organization’s online customer services that process, store, or communicate their organization’s sensitive customer data. |
| MFA is used to authenticate users to third-party online customer services that process, store, or communicate their organization’s sensitive customer data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to third-party online customer services that process, store, or communicate their organization’s sensitive customer data. |
| MFA is used to authenticate customers to online customer services that process, store, or communicate sensitive customer data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate customers to online customer services that process, store, or communicate sensitive customer data. |
| MFA uses either: something users have and something users know, or something users have that is unlocked by something users know or are. | ADSelfService Plus provides 20 different authentication methods, which include something users have, such as smart cards, TOTPs, and YubiKeys; something users know, such as security questions and strong passwords; and something users are, such as biometric and FIDO2 authentication. |

MFA: Maturity Level Two

| Mitigation strategy description | How ADSelfService Plus helps meet the strategy |
| --- | --- |
| MFA is used to authenticate users to their organization’s online services that process, store, or communicate their organization’s sensitive data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to their organization’s online services that process, store, or communicate their organization’s sensitive data. |
| MFA is used to authenticate users to third-party online services that process, store, or communicate their organization’s sensitive data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to third-party online services that process, store, or communicate their organization’s sensitive data. |
| MFA (where available) is used to authenticate users to third-party online services that process, store, or communicate their organization’s non-sensitive data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to third-party online services that process, store, or communicate their organization’s non-sensitive data. |
| MFA is used to authenticate users to their organization’s online customer services that process, store, or communicate their organization’s sensitive customer data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to their organization’s online customer services that process, store, or communicate their organization’s sensitive customer data. |
| MFA is used to authenticate users to third-party online customer services that process, store, or communicate their organization’s sensitive customer data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to third-party online customer services that process, store, or communicate their organization’s sensitive customer data. |
| MFA is used to authenticate customers to online customer services that process, store, or communicate sensitive customer data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate customers to online customer services that process, store, or communicate sensitive customer data. |
| MFA is used to authenticate privileged users of systems. | With ADSelfService Plus, you can enable custom MFA methods for users belonging to a particular OU or group. This way, users with varying privilege levels can be authenticated with appropriate MFA factors. |
| MFA is used to authenticate unprivileged users of systems. | With ADSelfService Plus, you can enable custom MFA methods for users belonging to a particular OU or group. This way, users with varying privilege levels can be authenticated with appropriate MFA factors. |
| MFA uses either: something users have and something users know, or something users have that is unlocked by something users know or are. | ADSelfService Plus provides 20 different authentication methods, which include something users have, such as smart cards, TOTPs, and YubiKeys; something users know, such as security questions and strong passwords; and something users are, such as biometric and FIDO2 authentication. |
| MFA used for authenticating users of online services is phishing-resistant. | ADSelfService Plus provides the phishing-resistant FIDO passkeys authenticator to authenticate users of online services. |
| MFA used for authenticating customers of online customer services provides a phishing-resistant option. | ADSelfService Plus provides the phishing-resistant FIDO passkeys authenticator to authenticate customers of online customer services. |
| MFA used for authenticating users of systems is phishing-resistant. | ADSelfService Plus provides the phishing-resistant FIDO passkeys authenticator to authenticate users of systems. |
| Successful and unsuccessful MFA events are centrally logged. | ADSelfService Plus generates detailed MFA audit reports to monitor and log the status of each MFA attempt made by users. |

MFA: Maturity Level Three

| Mitigation strategy description | How ADSelfService Plus helps meet the strategy |
| --- | --- |
| MFA is used to authenticate users to their organization’s online services that process, store, or communicate their organization’s sensitive data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to their organization’s online services that process, store, or communicate their organization’s sensitive data. |
| MFA is used to authenticate users to third-party online services that process, store, or communicate their organization’s sensitive data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to third-party online services that process, store, or communicate their organization’s sensitive data. |
| MFA (where available) is used to authenticate users to third-party online services that process, store, or communicate their organization’s non-sensitive data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to third-party online services that process, store, or communicate their organization’s non-sensitive data. |
| MFA is used to authenticate users to their organization’s online customer services that process, store, or communicate their organization’s sensitive customer data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to their organization’s online customer services that process, store, or communicate their organization’s sensitive customer data. |
| MFA is used to authenticate users to third-party online customer services that process, store, or communicate their organization’s sensitive customer data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to third-party online customer services that process, store, or communicate their organization’s sensitive customer data. |
| MFA is used to authenticate customers to online customer services that process, store, or communicate sensitive customer data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate customers to online customer services that process, store, or communicate sensitive customer data. |
| MFA is used to authenticate privileged users of systems. | With ADSelfService Plus, you can enable custom MFA methods for users belonging to a particular OU or group. This way, users with varying privilege levels can be authenticated with appropriate MFA factors. |
| MFA is used to authenticate unprivileged users of systems. | With ADSelfService Plus, you can enable custom MFA methods for users belonging to a particular OU or group. This way, users with varying privilege levels can be authenticated with appropriate MFA factors. |
| MFA is used to authenticate users of data repositories. | With ADSelfService Plus, you can enable custom MFA methods for users belonging to a particular OU or group. This way, users with access to data repositories can be authenticated with appropriate MFA factors. |
| MFA uses either: something users have and something users know, or something users have that is unlocked by something users know or are. | ADSelfService Plus provides 20 different authentication methods, which include something users have, such as smart cards, TOTPs, and YubiKeys; something users know, such as security questions and strong passwords; and something users are, such as biometric and FIDO2 authentication. |
| MFA used for authenticating users of online services is phishing-resistant. | ADSelfService Plus provides the phishing-resistant FIDO passkeys authenticator to authenticate users of online services. |
| MFA used for authenticating customers of online customer services is phishing-resistant. | ADSelfService Plus provides the phishing-resistant FIDO passkeys authenticator to authenticate customers of online customer services. |
| MFA used for authenticating users of systems is phishing-resistant. | ADSelfService Plus provides the phishing-resistant FIDO passkeys authenticator to authenticate users of systems. |
| MFA used for authenticating users of data repositories is phishing-resistant. | ADSelfService Plus provides the phishing-resistant FIDO passkeys authenticator to authenticate users of data repositories. |
| Successful and unsuccessful MFA events are centrally logged. | ADSelfService Plus generates detailed MFA audit reports to monitor and log the status of each MFA attempt made by users. |

Make your organization adhere to the Essential Eight strategies with ADSelfService Plus

ADSelfService Plus offers strong adaptive MFA capabilities that can help your organization comply with the Essential Eight Security Control objective of limiting the impact of cyberattacks:

  1. MFA for applications and endpoints: Secure user access to organizational data by enabling MFA for endpoints such as machines, enterprise applications, VPNs, RDPs, and OWAs.
  2. Multiple MFA authenticators: Choose from a range of 20 different MFA authenticators, like FIDO passkeys, biometrics, and YubiKey authenticator, to verify users' identities.
  3. Easy configuration: Simplify the MFA enrollment process for both admins and users using quick enrollment options, like email or push notifications and CSV file imports, and enforce different MFA methods for users based on OUs and groups.
  4. Customizable trust settings: Customize MFA trust settings to allow users to establish a trusted browser or device, enabling them to skip MFA for a limited number of days to save time.

Configuring MFA using ADSelfService Plus to comply with the Essential Eight

  1. Secure user access to all enterprise applications and endpoints in your network using MFA.
  2. Choose from 20 different authenticators to verify your users' identities.
  3. Set up different MFA flows for different groups or departments in your organization.

Benefits of using ADSelfService Plus to comply with the Essential Eight

  • Increased password security: Apart from MFA, ensure all-around protection from cyberattacks with the help of strong password policies that enforce passphrases and restrict common patterns from passwords.
  • Strong MFA techniques: Implement adaptive MFA techniques, like conditional access and customizable trust options, to authenticate users based on their location, IP address, and device type.
  • Fine-grained flexibility: Enforce different MFA settings for users with varying levels of access to sensitive organizational data based on their OUs or groups.
  • Compliance with regulatory standards: Ensure that your organization complies not only with the Essential Eight standards but also with NIST SP 800-63B, PCI DSS, CJIS, and SOX compliance mandates.
