Essential 8 for AWS Cloud

The Australian Signals Directorate (ASD) has created and prioritised strategies to help organizations mitigate the risks of cybersecurity threats. Eight of these strategies were chosen to form the Essential Eight framework. Many public and private sector organisations in Australia are required to reach a specified maturity level under the Essential Eight framework.

But fundamentally the Essential Eight is not designed for cloud environments. The Australian Cyber Security Centre (ACSC) created the Essential Eight framework to help protect Microsoft-based internet-connected networks. While its been updated several times since it was created in 2010, it remains a framework which is not cloud-aware, let alone cloud-native.

Despite this, if you’re an Australian public sector organization or a public sector ICT supplier that uses AWS to store confidential data, process sensitive transactions, and build critical services, then its very likely you’ll need to come up with an Essential Eight story across all of your environments, both on-premises and in the cloud.

We’ve done the heavy lifting, and turned the AWS Prescriptive Guidance for Reaching Essential Eight Maturity on AWS into a custom compliance framework which can be installed in the Drata automated, integrated, continuous compliance platform.

We’ll provide you with:

• A Drata platform license, which supports a wide range of compliance frameworks (eg ISO 27001, SOC 2)
• The Essential Eight for AWS Cloud custom framework which provides specific, opinionated guidance to help you achieve Essential Eight maturity level three on AWS
• Assistance to setup the Drata platform and integrate it with your AWS infrastructure so that control evidence is automatically and continually captured
• A baseline report for Essential Eight against your AWS Cloud footprint
• A flexible services bundle to help you close compliance gaps