Add-ons, extensions and plug-ins for office productivity suites, web browsers, email clients, PDF software and security products are restricted to an organisation-approved set.
Topic
Hardening application configurations
Applicable to
all
History
Priority
should
Mar 2022
Add-ons, extensions and plug-ins for office productivity suites, web browsers, email clients, PDF software and security products are restricted to an organisation-approved set.
The recommendation to harden the use of web browsers, Microsoft Office and PDF software has been expanded to cover other office productivity suites, email clients and security products. This aligns with the emphasis placed on protecting these types of products by the Essential Eight Maturity Model. Furthermore, additional rationale has been included to note that when Australian Cyber Security Centre (ACSC) and vendor hardening guidance conflicts, preference should be given to implementing ACSC hardening guidance.
Apr 2019
The use of Microsoft Office, web browser and PDF viewer add-ons is restricted to organisation approved add-ons.
Security control 1235 was moved from the Guidelines for gateway management to the Guidelines for system hardening and expanded in scope to cover Microsoft Office and PDF viewers.
Mar 2019
The installation of web browser add-ons is restricted to organisation approved add-ons.
2015
Agencies should restrict the installation of add–ons to only those add–ons approved by theagency.