User application hardening
27 controls in this part of theASD Essential Eight. Each control links to plain-English guidance, audit tips and cross-framework mappings.
E8-AH-ML1.1
Disable or remove Internet Explorer 11
E8-AH-ML1.2
Web browsers must not execute Java content from the internet
E8-AH-ML1.3
Web browsers block web ads from the internet
E8-AH-ML1.4
Web browser security settings locked down to users
E8-AH-ML2.1
Web browsers are hardened with the most restrictive guidance
E8-AH-ML2.2
Block Microsoft Office from creating child processes
E8-AH-ML2.3
Block Microsoft Office from creating executable content
E8-AH-ML2.4
Block Microsoft Office from injecting code into other processes
E8-AH-ML2.5
Configure Microsoft Office to prevent activation of OLE packages
E8-AH-ML2.6
Office productivity suites are hardened using ASD and vendor guidance
E8-AH-ML2.7
Office productivity suite settings are immutable by users
E8-AH-ML2.8
Block PDF software from creating child processes
E8-AH-ML2.9
Ensure PDF software is securely configured using guidance.
E8-AH-ML2.10
PDF software security settings cannot be changed by users
E8-AH-ML2.11
Centrally log PowerShell module, script block, and transcription events
E8-AH-ML2.12
Command line process creation logging is centralised
E8-AH-ML2.13
Protect event logs from unauthorised changes or deletion
E8-AH-ML2.14
Timely Analysis of Event Logs from Internet-Facing Servers
E8-AH-ML2.15
Timely Analysis of Cyber Security Events to Identify Incidents
E8-AH-ML2.16
Cybersecurity incidents must be reported immediately to the CISO
E8-AH-ML2.17
Report cyber security incidents to ASD promptly
E8-AH-ML2.18
Cyber incident response plan is enacted after identification
E8-AH-ML3.1
.NET Framework 3.5, 3.0, 2.0 is disabled or removed
E8-AH-ML3.2
Ensure Windows PowerShell 2.0 is disabled or removed
E8-AH-ML3.3
PowerShell is configured to use Constrained Language Mode
E8-AH-ML3.4
Analyse event logs from non-internet-facing servers for cyber threats
E8-AH-ML3.5
Timely Analysis of Workstation Event Logs for Cybersecurity
Back to the full Essential Eight mitigation strategies control list, or browse the complete control library.