Essential Eight Compliance for Government
A recent report released by the Attorney-General’s Department stated that the Essential Eight cyber security controls would be mandated for all 98 non-corporate Commonwealth entities. The current protective security policy framework (PSPF) only requires these departments to implement the top four, whilst recommending the Essential Eight.
This has caused many issues for government agencies, and more problems are foreseen in the near future.
The Australian National Audit Office (ANAO) reports that many agencies have struggled to not only implement the Essential Eight but have failed or have only slightly improved their position from the last audit.
As the growth of cloud-based platforms and services continues, compliance with Essential Eight has become even more complicated.
Infront’s customers report that a key issue to resolving these issues are access to the specialist skills and resources required to undertake this vital work. It is believed that the situation will only get worse over the coming years.
How can Agencies Achieve Essential Eight Compliance?
It is not all doom and gloom. There are realistic solutions available to government agencies to meet security mandates.
Rather than attempting to make on-premises capabilities compliant, agencies are actually replacing existing capability with as a service offerings. Backup is a perfect example of a managed service that has been built with Essential Eight compliance built into the solution.
Significantly reducing the burden of achieving Essential Eight compliance can be achieved through a well-managed and secure cloud environment. Combining a secure cloud architecture with automated compliance in a secure cloud landing zone, ensures agency services that are moved to the cloud are Essential Eight complaint and meet ISM security practices from the day it is launched. Multi-factor authentication, and administrative access control is simply integrated into every aspect of the architecture.
Moving to a cloud-based Platform as a Service (PaaS) brings many advantages, not least continuous patching, and ongoing threat protection for operating systems
Does your agency meet Essential Eight? Do you need help resourcing your IT teams to meet the mandated security requirements? Contact us for help.