Unneeded components, services and functionality of office productivity suites, web browsers, email clients, PDF software and security products are disabled or removed.
Topic
Hardening application configurations
Applicable to
all
History
Priority
should
Mar 2022
Unneeded components, services and functionality of office productivity suites, web browsers, email clients, PDF software and security products are disabled or removed.
The recommendation to harden the use of web browsers, Microsoft Office and PDF software has been expanded to cover other office productivity suites, email clients and security products. This aligns with the emphasis placed on protecting these types of products by the Essential Eight Maturity Model. Furthermore, additional rationale has been included to note that when Australian Cyber Security Centre (ACSC) and vendor hardening guidance conflicts, preference should be given to implementing ACSC hardening guidance.
Mar 2019
Any unrequired functionality in Microsoft Office, web browsers and PDF viewers is disabled.
Security control 1470 was modified from a ‘must’ to a ‘should’ as high risk functionality of specific products are captured in separate security controls.
Feb 2019
Any unrequired functionality in Microsoft Office, web browsers and PDF viewers is disabled.
2017
Any unrequired functionality in applications should be disabled.