Essential Eight Assessment Course

The following pre-requisites are to be met for a participant to be accepted into the course: 

• The participant must have a minimum of a Certificate IV qualification in a technical ICT discipline or greater and a minimum of two years of experience in a technical ICT role
  OR
• Four years experience in a technical ICT role
  AND
• The participant must be an Australian Citizen or Permanent Resident

Participants will be vetted to ensure they meet the entry requirements. This includes verification of participants’ identities and immigration status. 

Participants who enrol in the course are further encouraged to ensure that they are familiar with the following technologies before course commencement: 

• Microsoft Active Directory, PowerShell, and Group Policy 
• Operation and theory of vulnerability scanners 
• Basic Networking

This project closely aligns with the Minister of Home Affairs and Cyber Security priorities, specifically:

• Increasing whole of nation cyber security efforts to protect Australia and our economy: This course will leverage partnerships with industry and education sector partners in every jurisdiction.
• Ensuring CI and government systems are resilient and cyber-secure: Essential Eight is a technical cyber security framework that has been adopted by many State governments, and is one of the approved frameworks in the Security of Critical Infrastructure Act.
• Growing and sustaining a national cyber workforce, focusing on education, skills and training: This training course will become a new Australian industry certification and will form a key part of the Australian cyber security training ecosystem.

The three (3) day face to face Essential Eight Assessment Course covers the Essential Eight Maturity Model including:

• Maturity and compliance requirements by market Federal and State Government, Critical Infrastructure and Defence Industry supply chain;
• Planning and scoping and assessment;
• The ACSC Essential Eight Assessment Process Guide;
• The ACSC Essential Eight Assessment Report Template;
• The ACSC Essential Eight Cyber Toolbox (ACVT and E8MVT);
• Assessment techniques and methods;
• Technical exercises; and
• Written exercises.

The training course will consist of the following modules: 

• Session 1 includes the history of the Essential Eight and its use in current markets.  
• Session 2 includes preparing for assessments, scoping, and determining the resources and tools needed.  
• Session 3 includes an overview and demonstration of the main toolsets and product features/functions to use in an assessment.  
• Session 4 includes preventing the execution of unapproved/malicious programs and installers.  
• Session 5 includes patching/mitigating computers with ‘extreme risk’ security vulnerabilities.  
• Session 6 includes patching/mitigating operating systems with ‘extreme risk’ security vulnerabilities.  
• Session 7 includes configuring Microsoft Office macro settings to block macros from the internet and to allow vetted macros either in ‘trusted locations’ or with a trusted certificate.  
• Session 8 includes configuring web browsers to block Flash, ads and Java on the internet and disabling unneeded features in Microsoft Office, web browsers and PDF viewers.  
• Session 9 includes maintaining and restricting administrative privileges to operating systems and applications based on user duties.  
• Session 10 includes MFA for VPN and other remote access, and for all users when they perform a privileged action or access an important data repository.  
• Session 11 includes the maintenance of important data, software and configuration settings and a retention schedule.  
• Session 12 includes the drafting and presentation of the report.  

Participants for this course are required to meet pre-entry requirements and, following successful completion of the course and an assessment, will receive a qualification endorsed by the ACSC on behalf of ASD.