Maturity Level 3
Essential Eight Maturity Level 3 — adaptive and well-resourced adversaries.
Application Control (ML3)
Prevent execution of unapproved/malicious programs on all workstations and servers.
Patch Applications (ML3)
Apply patches/updates for online services and other apps within timelines based on vulnerability severity.
Configure Microsoft Office Macro Settings (ML3)
Block macros from the internet; allow only vetted macros that are in trusted locations or digitally signed.
User Application Hardening (ML3)
Disable Flash, web ads, Java, and unneeded browser/Office features; enable attack surface reduction (ASR) rules.
Restrict Administrative Privileges (ML3)
Limit privileged accounts; separate admin and standard accounts; use just-in-time access.
Patch Operating Systems (ML3)
Apply OS patches/updates in line with severity-based timelines; use modern, supported OS versions.
Multi-Factor Authentication (ML3)
Use phishing-resistant MFA for users of internet-facing services and privileged users.
Regular Backups (ML3)
Back up critical data and configs; store backups securely; test restoration; protect backups from modification/deletion.