How Kiteworks Supports Essential Eight Compliance
The Australian Cyber Security Centre (ACSC) developed the Essential Eight as a prioritized set of mitigation strategies designed to help organizations protect their systems against a range of cyber threats. These eight strategies represent the most effective controls that organizations can implement to reduce their exposure to cyber attacks. Kiteworks provides capabilities that align with each of the Essential Eight strategies at Maturity Levels One to Three, helping Australian organizations systematically strengthen their security posture.
1. Application Control
Application control prevents the execution of unapproved or malicious programs on workstations and servers. Kiteworks supports application control requirements through:
Controlled application environment operating within a hardened virtual appliance that restricts unauthorized software execution
Whitelisting enforcement ensuring only approved applications and processes run within the Kiteworks platform
File type validation that restricts uploads and transfers to an allow list of approved file types, so executable and script content is not stored or distributed through the platform
Content scanning integration with advanced threat protection (ATP) and anti-malware solutions to detect malicious payloads
API access controls restricting programmatic access to approved applications and integration endpoints only
2. Patching Applications
Timely patching of applications is critical to closing known security vulnerabilities. Kiteworks addresses patching requirements with:
Regular security updates delivered through a managed update process that minimizes operational disruption
Vulnerability management program with continuous monitoring for newly discovered vulnerabilities in platform components
Rapid patch deployment, with critical security patches released within 48 hours of identification for extreme-risk vulnerabilities; note that the Essential Eight measures its 48-hour window for internet-facing services from patch release to patch application in your environment, so vendor release is necessary but not sufficient and the update still has to be applied
Update verification ensuring all patches are tested and validated before deployment to production environments
End-of-life management proactively replacing components before vendor support ends to maintain security coverage
3. Configuring Microsoft Office Macro Settings
Restricting Microsoft Office macros reduces the risk of malware delivery through document-based attacks. Kiteworks contributes to macro security through:
Document sanitization capabilities that can strip potentially dangerous macro content from uploaded Office documents
Content disarm and reconstruction (CDR) integration that neutralizes embedded threats while preserving document usability
File inspection and quarantine for Office documents containing macros before they are shared or distributed
Policy-based file handling allowing administrators to define rules for how macro-enabled documents are processed
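A practitioner verifying the file type validation described under Application Control and the macro handling described above would want a content-based check rather than an extension-based one. The following is an added example written for this page, not Kiteworks code: it applies an assumed extension allow list, confirms the container's magic bytes match the extension, and quarantines OOXML documents that carry a VBA project, detected both by part name and by the content type registered in [Content_Types].xml, so a .docm renamed to .docx is still caught. The sample files are constructed in memory.

```python
"""Added example for this page (not Kiteworks code): content-based file type
validation plus VBA macro detection for OOXML uploads. The allow list is an
assumed policy and the sample documents are constructed in memory."""
import io
import zipfile

# Extensions accepted by policy (assumption for the example). The macro-enabled
# OOXML extensions (.docm, .xlsm, .pptm) are deliberately absent.
ALLOWED_EXTENSIONS = {"docx", "xlsx", "pptx", "pdf", "txt"}

# OOXML documents are ZIP containers; PDFs start with %PDF-.
MAGIC = {
    "docx": b"PK\x03\x04",
    "xlsx": b"PK\x03\x04",
    "pptx": b"PK\x03\x04",
    "pdf": b"%PDF-",
}
OOXML_EXTENSIONS = {"docx", "xlsx", "pptx"}
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"


def has_vba_project(data: bytes) -> bool:
    """True if the OOXML package contains a VBA project.

    Checks the part name (word/xl/ppt/vbaProject.bin) and the content type
    registered in [Content_Types].xml, so renaming the part does not evade it.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return True
            if "[Content_Types].xml" in names:
                return VBA_CONTENT_TYPE in zf.read("[Content_Types].xml")
    except zipfile.BadZipFile:
        return False  # not a ZIP container, so not an OOXML document
    return False


def classify_upload(filename: str, data: bytes) -> str:
    """Return 'allow', 'reject' (extension not allowed or bytes do not match
    the extension) or 'quarantine' (allowed Office type carrying macros)."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED_EXTENSIONS:
        return "reject"
    magic = MAGIC.get(ext)
    if magic is not None and not data.startswith(magic):
        return "reject"  # the extension says one thing, the bytes say another
    if ext in OOXML_EXTENSIONS and has_vba_project(data):
        return "quarantine"
    return "allow"


def build_docx(with_macros: bool) -> bytes:
    """Construct a minimal OOXML-style package for testing (not a real Word file)."""
    ct = (b'<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
          b'<Override PartName="/word/document.xml" ContentType="application/'
          b'vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>')
    if with_macros:
        ct += (b'<Override PartName="/word/vbaProject.bin" '
               b'ContentType="application/vnd.ms-office.vbaProject"/>')
    ct += b"</Types>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", ct)
        zf.writestr("word/document.xml", b"<w:document/>")
        if with_macros:
            # OLE compound-file signature followed by filler; enough for the check.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 28)
    return buf.getvalue()


if __name__ == "__main__":
    print(classify_upload("report.docx", build_docx(False)))   # allow
    print(classify_upload("invoice.docx", build_docx(True)))   # quarantine
    print(classify_upload("payload.exe", b"MZ\x90\x00"))       # reject
    print(classify_upload("renamed.docx", b"MZ\x90\x00"))      # reject
```

The quarantine decision is made from the package contents, so it holds whether the file arrived as .docm or was renamed to .docx; a production pipeline would hand quarantined files to the CDR or sanitization step rather than dropping them.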
4. User Application Hardening
Hardening user-facing applications reduces the attack surface available to adversaries. Kiteworks supports application hardening by:
Secure web interface with Content Security Policy (CSP) headers, X-Frame-Options, and other browser security controls
Flash, Java, and ActiveX blocking ensuring the platform does not rely on or execute vulnerable browser plugins
TLS 1.2/1.3 enforcement disabling SSLv3, TLS 1.0 and TLS 1.1 across all communication channels
Secure cookie handling with the HttpOnly, Secure, and SameSite attributes, so session cookies cannot be read by page scripts, are never sent in cleartext, and are withheld from cross-site requests, reducing exposure to session hijacking
Input validation and output encoding protecting against cross-site scripting (XSS) and injection attacks
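An added example, written for this page and not Kiteworks code, of how to check the response-header and cookie controls in the list above from a captured response. The two sample responses are constructed, one without the controls and one with them; the header and attribute names are the standard ones, while the policy of what counts as acceptable is an assumption for the example.

```python
"""Added example for this page (not Kiteworks code): audit an HTTP response
for the browser-hardening controls listed above. The sample responses are
constructed and the acceptance policy is an assumption for the example."""
from typing import Dict, List

# Header -> substrings, any one of which makes the header acceptable.
REQUIRED_HEADERS = {
    "strict-transport-security": ["max-age="],
    "content-security-policy": ["default-src"],
    "x-frame-options": ["deny", "sameorigin"],  # kept for browsers without CSP frame-ancestors
    "x-content-type-options": ["nosniff"],
}
COOKIE_FLAGS = ("httponly", "secure", "samesite")


def parse_headers(raw: str) -> Dict[str, List[str]]:
    """Parse raw response header text into a lower-cased multi-map (Set-Cookie may repeat)."""
    headers: Dict[str, List[str]] = {}
    for line in raw.strip().splitlines():
        if line.startswith("HTTP/") or ":" not in line:
            continue  # status line or blank line
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def audit_response(raw: str) -> List[str]:
    """Return a list of findings; an empty list means the response passed."""
    findings: List[str] = []
    headers = parse_headers(raw)
    for name, needles in REQUIRED_HEADERS.items():
        values = headers.get(name)
        if not values:
            findings.append(f"missing header: {name}")
        elif not any(n in values[0].lower() for n in needles):
            findings.append(f"weak header: {name}: {values[0]}")
    csp = headers.get("content-security-policy", [""])[0].lower()
    if "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        findings.append("csp allows unsafe-inline or unsafe-eval")
    for cookie in headers.get("set-cookie", []):
        cookie_name = cookie.split("=", 1)[0].strip()
        # Attribute names after the first ';', lower-cased, value stripped (SameSite=Strict -> samesite)
        attrs = {a.strip().lower().split("=", 1)[0] for a in cookie.split(";")[1:]}
        for flag in COOKIE_FLAGS:
            if flag not in attrs:
                findings.append(f"cookie {cookie_name} lacks {flag}")
    return findings


# Constructed sample: a response with none of the controls applied.
WEAK_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Frame-Options: ALLOWALL
Set-Cookie: session=abc123; Path=/
"""

# Constructed sample: the same response with the controls applied.
HARDENED_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self'; frame-ancestors 'none'
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict
"""

if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_response(raw) or "no findings")
```

TLS protocol enforcement cannot be read from headers; probe it separately, for instance with `openssl s_client -connect host:443 -tls1_1`, and expect the handshake to fail.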
5. Restricting Administrative Privileges
Limiting administrative access reduces the potential damage from compromised accounts. Kiteworks provides robust privilege management through:
Role-based access control (RBAC) with granular permission levels separating administrative, operational, and user functions
Least privilege enforcement ensuring users and administrators only have access to the minimum resources required for their role
Privileged access management with separate authentication requirements for administrative actions
Administrative action logging capturing all privileged operations for audit and review
Time-limited administrative sessions with automatic timeout and re-authentication requirements
| Privilege Level | Access Scope | Controls Applied |
|---|---|---|
| System Administrator | Full platform configuration | MFA, session limits, IP restrictions |
| Organization Admin | Tenant-level management | MFA, role-based permissions |
| Folder Manager | Content area management | Granular folder permissions |
| Standard User | Assigned content only | Least privilege access |
| External User | Shared content only | Limited access, expiry controls |
6. Patching Operating Systems
Keeping operating systems up to date is essential for maintaining a secure foundation. Kiteworks addresses OS patching through:
Hardened operating system with a minimal attack surface, removing unnecessary services and components
Regular OS updates bundled with platform releases to ensure the underlying system remains current
Kernel-level security patches applied as part of the managed update lifecycle
Security configuration baselines ensuring the operating system meets hardening standards such as CIS benchmarks
Automated compliance scanning verifying OS-level security configurations remain in their hardened state
7. Multi-Factor Authentication (MFA)
MFA provides an additional layer of protection beyond passwords, significantly reducing the risk of credential-based attacks. Kiteworks delivers comprehensive MFA support including:
Native MFA support with TOTP (Time-based One-Time Password), SMS, and email verification options; none of these three is phishing-resistant in the ACSC's terms, and the higher Essential Eight maturity levels require phishing-resistant MFA, which the smart card authentication listed below can provide
SAML 2.0 and SSO integration enabling organizations to leverage their existing identity provider's MFA capabilities
RADIUS authentication support for integration with enterprise authentication infrastructure
Certificate-based authentication using PIV/CAC smart cards for high-assurance identity verification
Conditional access policies requiring MFA based on risk factors such as location, device, or sensitivity of content accessed
MFA enforcement for all user types including internal users, external collaborators, and administrative accounts
8. Regular Backups
Regular backups ensure that critical data can be recovered following a cyber security incident. Kiteworks supports backup requirements through:
Automated backup scheduling with configurable frequency to meet organizational recovery point objectives (RPOs)
Encrypted backup storage ensuring backed-up data remains protected at rest with AES-256 encryption
Offsite backup support enabling geographic separation of backup data from primary systems
Backup integrity verification with automated testing to ensure backups can be successfully restored
Granular recovery capabilities allowing restoration of individual files, folders, or complete system configurations
Version history and retention maintaining multiple backup versions for point-in-time recovery options
9. Essential Eight Maturity Model
The ACSC's Essential Eight Maturity Model defines four maturity levels, Zero through Three. Maturity Level Zero signifies weaknesses in an organization's overall cyber security posture, and Levels One to Three describe increasing alignment with the intent of each strategy. Kiteworks helps organizations progress through Levels One to Three:
| Maturity Level | Description | Kiteworks Support |
|---|---|---|
| Maturity Level One | Partly aligned with the intent of the mitigation strategy | Baseline security controls, basic access management, standard encryption |
| Maturity Level Two | Mostly aligned with the intent of the mitigation strategy | Advanced RBAC, comprehensive logging, MFA enforcement, automated patching |
| Maturity Level Three | Fully aligned with the intent of the mitigation strategy | Zero-trust architecture, continuous monitoring, privileged access management, full audit trails |
By deploying Kiteworks as a central platform for sensitive data exchange, Australian organizations can address all eight mitigation strategies for the data that flows through it while building toward higher maturity levels. The platform's security controls, combined with its unified visibility and governance capabilities, provide a strong foundation for achieving and maintaining Essential Eight compliance across the organization.
