Skip to content
arrow_back
boltEssential 8

Application control

19 controls in this part of theEssential Eight. Each control links to plain-English guidance, audit tips and cross-framework mappings.

E8-AC-ML1.1
Application control is implemented on workstations.
E8-AC-ML1.2
Application control is applied to user profiles and temporary folders
E8-AC-ML1.3
Ensure only approved applications and scripts can run
E8-AC-ML2.1
Application control is implemented on internet-facing servers
E8-AC-ML2.2
Application control excludes user profiles and temporary folders
E8-AC-ML2.3
Microsoft's recommended application blocklist is implemented
E8-AC-ML2.4
Annual validation of application control rulesets
E8-AC-ML2.5
Allowed and blocked application control events are centrally logged
E8-AC-ML2.6
Event logs are protected from unauthorised modification and deletion
E8-AC-ML2.7
Event logs from internet-facing servers are analysed to detect cybersecurity events
E8-AC-ML2.8
Cybersecurity events are analysed in a timely manner
E8-AC-ML2.9
Cyber security incidents are reported promptly to CISO
E8-AC-ML2.10
Report cyber security incidents to ASD quickly
E8-AC-ML2.11
Cybersecurity incident response plan is enacted after incident identification
E8-AC-ML3.1
Application control is implemented on non-internet-facing servers
E8-AC-ML3.2
Application control restricts driver execution to an approved set
E8-AC-ML3.3
Microsoft's vulnerable driver blocklist is implemented
E8-AC-ML3.4
Event logs from non-internet-facing servers are analysed
E8-AC-ML3.5
Workstation event logs are promptly analysed for security events

Back to the full ASD Essential Eight control list, or browse the complete control library.