Essential 8 Compliance

[MeiMac]

I work in GRC and a table showing how this SOE aligns to the current E8 model would be helpful for Security Teams to at-a-glance better understand how this stacks up (where it is relevant, of course). Most SRAs/SSPs/etc will have an E8 compliance check, and so these will be questions that get asked a lot. Especially:

• Application control
• Patch applications
• Restrict administrative privileges
• Patch operating systems
• Multi-factor authentication
• Regular backups

Most of this information is in the ISM page, but it's difficult to scroll through it all to get to where controls are listed. (I felt like I was scrolling forever to get to the relevant parts I wanted to read) Perhaps a way to sort these and filter out the "N/As" would be useful.

Understandably, clients all have different needs, but having this documented may allow easier conversations with Security Teams.

[lostdoco]

Hi @MeiMac thank you for the feedback! 👍

E8 is absolutely on the roadmap and we're looking for contributors if you would like to help :)

Noting the controls feedback - will remove all the N/A entries as they aren't relevant.

We're looking for a format for the control mapping that is

1. plaintext so we could keep it updated easily on GitHub
2. a format that renders well and is easy to consume for GRC Purposes

If you have any suggestions for that (CSV, JSON, XML etc) happy to hear them 🙂