The Top 4 Strategies to Mitigate Targeted Cyber Intrusions (the Strategies) are the most effective security controls an organisation can implement at this point in time based on the our current visibility of the cyber threat environment. The Australian Signals Directorate (ASD), also known as the Defence Signals Directorate (DSD), assesses that implementing the Top 4 will mitigate at least 85% of the intrusion techniques that the Cyber Security Operations Centre (CSOC) responds to. For this reason, the Attorney‐General's Department has updated the Australian Government Protective Security Policy Framework (PSPF) to require Australian government agencies to implement ICT protective security controls as detailed in the Australian Government Information Security Manual (ISM) to meet ASD's Top 4 Strategies.
This document provides specific implementation information on the Top 4 Strategies, including:
- information on the scope of and steps to manage the mandatory requirement; and
- some technical guidance for IT system administrators to planning and implementing the Top 4 Strategies in a typical Windows environment.
This document focusses on implementing the Top 4 in a Windows environment, as the majority of government business is currently conducted using Windows operating systems.
For agencies seeking implementation advice for systems that use other operating environments, ASD recommends seeking advice from your agency systems integrator or vendor in the first instance. Additionally, ASD recommends conducting research using open source publications, forums and resources available on the operating system and how each of the Top 4 could be implemented.
If your agency finds it is not possible or feasible to implement the Top 4 in a non‐windows environment, you should follow appropriate risk‐management practices as outlined in the ISM.