Critical controls

For each control we provide a page summarising the intent and success measures for decision makers. We have a separate page providing implementation advice for practitioners.

2019 05 10 MTP 0502

Critical Controls

Security awareness building

Cyber attackers often rely on human behaviour, such as clicking on links or downloading and opening/executing files, to

2019 05 16 MTP 1212

Critical Controls

Password manager

Providing a password manager for your staff to store their passwords, or other secrets like alarm codes, is a great way

2019 05 30 MTP 1674 v2

Critical Controls

Asset Lifecycle Management

Limiting and securing your internet-exposed services will help you prevent unauthorised access.

CERT TEC 180518 WEB 265

Critical Controls

Network segmentation and separation

When paired together, segmentation and separation can add an additional level of access control and security to your net

CERT TEC 180518 WEB 83 v2

Critical Controls

Centralised logging

Storing and securing your logs in a central place makes log analysis and alerting easier.

CERT TEC 180518 WEB 245

Critical Controls

Implement and test backups

After an incident, restoring your data from backups is often the best way to return to business as usual. Performing and

CERT TEC 180518 WEB 83

Critical Controls

Principle of least privilege

The principle of least privilege means only having the access you need to do your job. Restricting the level access to o

2019 05 30 MTP 1764

Critical Controls

Multi-factor authentication and verification

You can authenticate with something you know, something you have, or something you are. Multi-factor authentication (MFA

2019 05 16 MTP 0632

Critical Controls

Implement application control

Application allowlisting (otherwise known as whitelisting) is a method of strictly controlling what programs can be run

CERT TEC 180518 WEB 268

Critical Controls


Keeping your software up-to-date is one of the most simple and effective steps to take, to ensure your environment stays