← Frameworks / ASD Essential Eight / Control Mappings

ASD Essential Eight Maturity Model

Eight prioritised mitigation strategies from the Australian Signals Directorate, each with four maturity levels (0-3). Covers application control, patching applications and operating systems, Microsoft Office macro settings, user application hardening, restricting administrative privileges, multi-factor authentication, and regular backups.

Controls: 24
Total Mappings: 76
Publisher: Australian Signals Directorate Version: 2023
ASD Essential Eight → SP 800-53 SP 800-53 → ASD Essential Eight Coverage Analysis
AC (4) AU (2) CM (6) CP (3) IA (2) RA (1) SA (1) SC (2) SI (3)

AC Access Control

Control Name ASD Essential Eight References
AC-02 Account Management
E8-5E8-5 ML1E8-5 ML2E8-5 ML3
AC-03 Access Enforcement
E8-8 ML3
AC-06 Least Privilege
E8-5E8-5 ML1E8-5 ML2E8-5 ML3E8-8 ML3
AC-17 Remote Access
E8-7 ML2

AU Audit and Accountability

Control Name ASD Essential Eight References
AU-02 Auditable Events
E8-1 ML2
AU-03 Content Of Audit Records
E8-1 ML2

CM Configuration Management

Control Name ASD Essential Eight References
CM-06 Configuration Settings
E8-3E8-3 ML1E8-3 ML3E8-4E8-4 ML1E8-4 ML2E8-4 ML3
CM-07 Least Functionality
E8-1E8-1 ML1E8-1 ML2E8-1 ML3E8-3E8-3 ML1E8-3 ML2E8-3 ML3E8-4E8-4 ML1E8-4 ML2E8-4 ML3
CM-08 Information System Component Inventory
E8-2 ML3E8-6 ML3
CM-11 User-Installed Software
E8-1
CM-12 Information Location
E8-2 ML3
CM-14 Signed Components
E8-1E8-1 ML3E8-3 ML3

CP Contingency Planning

Control Name ASD Essential Eight References
CP-06 Alternate Storage Site
E8-8E8-8 ML2
CP-09 Information System Backup
E8-8E8-8 ML1E8-8 ML2E8-8 ML3
CP-10 Information System Recovery And Reconstitution
E8-8

IA Identification and Authentication

Control Name ASD Essential Eight References
IA-02 User Identification And Authentication
E8-7E8-7 ML1E8-7 ML2E8-7 ML3
IA-05 Authenticator Management
E8-5 ML3E8-7

RA Risk Assessment

Control Name ASD Essential Eight References
RA-05 Vulnerability Scanning
E8-2E8-2 ML1E8-2 ML2E8-2 ML3E8-6E8-6 ML1

SA System and Services Acquisition

Control Name ASD Essential Eight References
SA-22 Unsupported System Components
E8-6E8-6 ML3

SC System and Communications Protection

Control Name ASD Essential Eight References
SC-07 Boundary Protection
E8-5 ML2
SC-18 Mobile Code
E8-3E8-3 ML2E8-4E8-4 ML1

SI System and Information Integrity

Control Name ASD Essential Eight References
SI-02 Flaw Remediation
E8-2E8-2 ML1E8-2 ML2E8-2 ML3E8-6E8-6 ML1E8-6 ML2E8-6 ML3
SI-03 Malicious Code Protection
E8-3E8-3 ML2
SI-07 Software And Information Integrity
E8-3 ML3