Australian Government Architecture

Essential Eight Cyber Threat Mitigation Strategies

While no set of mitigation strategies are guaranteed to protect against all cyber threats, organisations are recommended to implement eight essential mitigation strategies from the Strategies to Mitigate Cyber Security Incidents as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems. 

The mitigation strategies that constitute the Essential Eight are following:

  • application control
  • patch applications
  • configure Microsoft Office macro settings
  • user application hardening
  • restrict administrative privileges
  • patch operating systems
  • multi-factor authentication
  • regular backups.


This design is part of the following capability.

Data Security


This design can be useful in achieving the intent of the following standard(s).
The Australian Cyber Security Centre (ACSC) produces the Information Security Manual (ISM). The purpose of the ISM is to outline a cyber security framework that an organisation can apply, using their risk management framework, to protect their systems and data from cyber threats. The ISM is…
Was this information helpful?

Do not include any personal information. We are unable to respond to comments or feedback. If you would like a response, please email, or phone us. Our details are on the AGA contact page