Essential Eight Readiness Checklist

Application Control

Allow-lists for approved executables, libraries, scripts and MSI.

0/0 answered

Application allow-listing enforced on workstations/servers for EXE/DLL/Scripts/MSI?

Trusted publisher / signed code policies defined with change approval workflow?

Block & log events centralised (e.g., Defender/MDI/SIEM) with review cadence?

Patch Applications

Timely patching of Internet-facing and high-risk apps.

0/0 answered

Internet-facing apps (browsers, PDF, Java, email clients) patched within SLA?

Application inventory & risk classification maintained with owners?

Automated patch reports captured monthly as evidence (SharePoint/Defender/Intune)?

Configure MS Office Macros

Block or tightly control macros from the Internet.

0/0 answered

Block macros from the Internet; trusted locations/signing enforced?

Group Policy/Intune configuration deployed & tested across all managed devices?

Exception process (time-bound, approved, logged) for business-critical macros?

User Application Hardening

Disable risky features (e.g., Flash/Java, ads, web trackers).

0/0 answered

Disable or restrict risky browser features (Flash/legacy plugins, ads, trackers)?

Block executable downloads from the web for standard users?

Periodic verification reports/screenshots stored with policy references?

Restrict Admin Privileges

Least privilege, approvals, and JIT/JEA patterns.

0/0 answered

Privileged access uses JIT/JEA or PAM; standing admin reduced?

Quarterly access reviews/recertification for privileged groups?

Admin accounts segmented (no email/browsing), dedicated workstations for admin?

Patch Operating Systems

Meet SLAs for OS patches with centralised visibility.

0/0 answered

OS patch SLAs defined (e.g., 48h critical, 2w high) and met with exceptions tracked?

Update rings/pilot groups and rollback plans defined & exercised?

Compliance dashboards & exportable evidence (Intune/Defender/WSUS) captured?

Multi-Factor Authentication

MFA for remote, privileged and sensitive access.

0/0 answered

MFA enforced for remote access, privileged roles and sensitive apps?

Phishing-resistant factors (FIDO2/passkeys/Number-match) preferred over SMS?

Break-glass controls documented, tested and monitored?

Regular Backups

Tested, immutable/tamper-evident backups and restores.

0/0 answered

Critical systems & SaaS (M365) in scope with RTO/RPO defined?

Immutable/tamper-evident copies (air-gapped/object-lock) with separation of duties?

Periodic restoration tests with evidence and actioned findings?

Essential Eight Readiness Checklist

What you get

How scoring works

Data handling

Application Control

Patch Applications

Configure MS Office Macros

User Application Hardening

Restrict Admin Privileges

Patch Operating Systems

Multi-Factor Authentication

Regular Backups

Before you download

Welcome to Country