SecFrame Explorer
3/3
// Level 3 · Controls

Maturity Level 2

Essential Eight Maturity Level 2 — targeted adversaries.

E8-1.ML2Critical

Application Control (ML2)

Prevent execution of unapproved/malicious programs on all workstations and servers.

E8-2.ML2Critical

Patch Applications (ML2)

Apply patches/updates for online services and other apps within timelines based on vulnerability severity.

E8-3.ML2High

Configure Microsoft Office Macro Settings (ML2)

Block macros from the internet; only allow vetted macros from trusted locations or digitally signed.

E8-4.ML2High

User Application Hardening (ML2)

Disable Flash, web ads, Java, and unneeded browser/Office features; enable ASR rules.

E8-5.ML2Critical

Restrict Administrative Privileges (ML2)

Limit privileged accounts; separate admin and standard accounts; use just-in-time access.

E8-6.ML2Critical

Patch Operating Systems (ML2)

Apply OS patches/updates in line with severity-based timelines; use modern, supported OS versions.

E8-7.ML2Critical

Multi-Factor Authentication (ML2)

Use phishing-resistant MFA for users of internet-facing services and privileged users.

E8-8.ML2High

Regular Backups (ML2)

Backup critical data and configs; store securely; test restoration; protect from modification/deletion.