On 27 November 2023, the Australian Signals Directorate adopted guidelines updating the Essential Eight Maturity Model (E8MM). The guidelines contain recommended cyber security precautions for protecting internet-connected information technology networks against common cyber threats. The updated patching guidance emphasises prioritising critical vulnerabilities, particularly those that enable remote code execution or privileged access without user interaction, and requires organisations to mitigate these within 48 hours. There is also a stronger focus on patching applications that frequently interact with untrusted internet content, such as office suites and browsers: the patching timeframe has been shortened from one month to two weeks, and vulnerability scanning frequency has been increased. For less critical devices, such as non-internet-facing servers, the patching timeframe has been extended from two weeks to one month. Additionally, new requirements mandate patches for vulnerabilities in drivers and firmware, and multi-factor authentication (MFA) standards have been revised to enforce more secure forms.