Configure Microsoft Office macro settings - ACSC's Essential Eight mitigation strategy

"Hi, my name is Michael, and I’m a Cyber Security Consultant here at AC3.

In this video, I will be discussing the ACSC Essential Eight mitigation strategy that covers configuring Microsoft Office macro settings.

This is a simple strategy and some organisations have a viable shortcut to Maturity Level Three. If the execution of macros is completely disabled, and logging is established, the other controls are naturally met.

If you do have a business requirement to use macros though, the full set of controls must be considered.

Across all maturity levels, organisations need to disable Microsoft Office macros for users that don't have a business requirement, block Microsoft Office macros in files originating from the internet, enable Microsoft Office macro antivirus scanning, and ensure macro security settings cannot be changed by users.

It is important to understand each level of maturity and target the most appropriate level for your organisation’s environment.

If you would like guidance on which maturity level is right for your organisation or how effective your mitigation strategies are, please reach out to the team. We'd love to help."

AC3's Essential Eight Security Control Assessment can benchmark your current strategies against the ACSC's Essential Eight maturity models. Find out more here.