Benchmark: Australian Cyber Security Center (ACSC) Essential Eight
Overview
The ACSC Essential Eight is a set of baseline security strategies designed to mitigate cybersecurity incidents. The Essential Eight is a prioritized list of mitigation strategies that organizations can implement to protect their systems against a range of adversaries. The Essential Eight is based on the Australian Signals Directorate (ASD)’s experience in cyber operations and incident response. The Essential Eight is designed to be complementary to other cybersecurity frameworks, such as the NIST Cybersecurity Framework and ISO 27001.
The Essential Eight is divided into two groups: Essential Eight Maturity Model and Essential Eight Strategies. The Essential Eight Maturity Model is a set of maturity levels that organizations can use to assess their cybersecurity posture. The Essential Eight Strategies are a set of mitigation strategies that organizations can implement to protect their systems against a range of adversaries.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select Australian Cyber Security Center (ACSC) Essential Eight.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.acsc_essential_eight
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.acsc_essential_eight --share
Benchmarks
- ACSC Essential Eight Maturity Level 1
- ACSC Essential Eight Maturity Level 2
- ACSC Essential Eight Maturity Level 3