CERT NZ's Critical Controls
Each year, we review our critical controls against the incidents we have seen over the past 12 months. When correctly im
Ngā mana whakahaere Critical Controls
When correctly implemented, our Critical Controls will prevent, detect, or contain the majority of the attacks we’ve seen in the past year.
Security awareness building
Cyber attackers often rely on human behaviour, such as clicking on links or downloading and opening/executing files, to
Password manager
Providing a password manager for your staff to store their passwords, or other secrets like alarm codes, is a great way
Asset Lifecycle Management
Limiting and securing your internet-exposed services will help you prevent unauthorised access.
Network segmentation and separation
When paired together, segmentation and separation can add an additional level of access control and security to your net
Centralised logging
Storing and securing your logs in a central place makes log analysis and alerting easier.
Implement and test backups
After an incident, restoring your data from backups is often the best way to return to business as usual. Performing and
Principle of least privilege
The principle of least privilege means only having the access you need to do your job. Restricting the level access to o
Multi-factor authentication and verification
You can authenticate with something you know, something you have, or something you are. Multi-factor authentication (MFA
Implement application control
Application allowlisting (otherwise known as whitelisting) is a method of strictly controlling what programs can be run
Patching
Keeping your software up-to-date is one of the most simple and effective steps to take, to ensure your environment stays