ACSC December 2022 ISM and E8 Updates - 20221202001

ACSC has recently issued a December 2022 update to the Information Security Manual (ISM) including Essential Eight (E8) guidance which defines new requirements for patching controls:

• Undertake automated detection of assets at least fortnightly to inform vulnerability management.
• Ensure vulnerability scanners are using an up-to-date vulnerability database before conducting vulnerability scanning activities.

Both of the above are new requirements for Maturity Level 1 and above under Patch Applications and Patch Operating Systems. Organisations should adopt these changes to the model as they are released, noting that DGov will incorporate these updates into the WA Government Cyber Security Policy reporting process for 2023.

References

• ACSC ISM December 2022 Changes
• Essential Eight Maturity Model
• Essential Eight Maturity Model FAQ
• CISA Implementation Guidance for Improving Asset Visibility (BOD 23-01)