Critical controls

For each control we provide a page summarising the intent and success measures for decision makers. We have a separate page providing implementation advice for practitioners.

2019 05 16 MTP 1212

Critical Controls

Password manager

Providing a password manager for your staff to store their passwords, or other secrets like alarm codes, is a great way

2019 05 30 MTP 1674 v2

Critical Controls

Securing internet-exposed services

Limiting and securing your internet-exposed services will help you prevent unauthorised access.

2019 05 30 MTP 1664 v2

Critical Controls

Secure defaults for macros

While macros have a valid business function, they are often used by attackers too. Using secure default configurations w

CERT TEC 180518 WEB 265

Critical Controls

Network segmentation and separation

When paired together, segmentation and separation can add an additional level of access control and security to your net

CERT TEC 180518 WEB 83 v2

Critical Controls

Centralised logging

Storing and securing your logs in a central place makes log analysis and alerting easier.

CERT TEC 180518 WEB 245

Critical Controls

Implement and test backups

After an incident, restoring your data from backups is often the best way to return to business as usual. Performing and

CERT TEC 180518 WEB 83

Critical Controls

Principle of least privilege

The principle of least privilege means only having the access you need to do your job. Restricting the level access to o

2019 05 30 MTP 1764

Critical Controls

Multi-factor authentication

You can authenticate with something you know, something you have, or something you are. Multi-factor authentication (MFA

2019 05 16 MTP 0632

Critical Controls

Application allowlisting

Application allowlisting (otherwise known as whitelisting) is a method of strictly controlling what programs can be run

CERT TEC 180518 WEB 268

Critical Controls


Keeping your software up-to-date is one of the most simple and effective steps to take, to ensure your environment stays