ASD Essential Eight + ASD AI guidance · vASD Essential Eight Maturit…
ASD Essential Eight + ASD AI guidance
ASD Essential Eight + ASD AI guidance — 100% covered.
4 requirements · 4 enforced · 0 designed · 0 advisory · 0 deferred.
Source: Australian Signals Directorate (ASD) / Australian Cyber Security Centre (ACSC) Essential Eight Maturity Model (November 2023 release) + ASD 'Engaging with Artificial Intelligence' guidance (2024). Scoped to the mitigation strategies KYE's runtime-authority + evidence layer can enforce for the AI-agent action path. · License: ASD/ACSC publications are Commonwealth of Australia works published under CC BY 4.0.
By category
| Category | Reqs | Enforced | Designed | Advisory | Deferred | Coverage |
|---|---|---|---|---|---|---|
| Restrict administrative privileges | 1 | 1 | 0 | 0 | 0 | 100% |
| Multi-factor authentication | 1 | 1 | 0 | 0 | 0 | 100% |
| Monitoring, logging & detection | 1 | 1 | 0 | 0 | 0 | 100% |
| AI supply-chain governance | 1 | 1 | 0 | 0 | 0 | 100% |
Every requirement → the KYE™ artefact that enforces it
| ID | Title | Status | KYE™ enforcement |
|---|---|---|---|
asd-essential-eight.e8-restrict-admin |
Essential Eight — Restrict administrative privileges (least-privilege administration, validated and time-bound privileged access) | enforced | audit_events: kye.purpose.admissibility.v1, kye.risk.authority_register.v1engines: internal, internalconstitution_refs: constitution/12-PURPOSE-PERMISSION.md |
asd-essential-eight.e8-mfa |
Essential Eight — Multi-factor authentication for privileged and high-risk actions | enforced | audit_events: kye.purpose.admissibility.v1, kye.evidence.decision_map.v1engines: internalconstitution_refs: constitution/12-PURPOSE-PERMISSION.md |
asd-essential-eight.e8-monitoring |
Essential Eight + ASD AI guidance — centralised, tamper-evident logging and monitoring of security-relevant events for detection and incident response | enforced | audit_events: kye.evidence.pack.v1, kye.replay.context_seal.v1engines: internal, internalconstitution_refs: constitution/30-AUDIT-WORM-RETENTION.md, constitution/35-STREAMING-LOGS.md |
asd-essential-eight.asd-ai-supply-chain |
ASD 'Engaging with Artificial Intelligence' guidance — understand and govern the AI supply chain, including which components and authorities an AI system acts under | enforced | audit_events: kye.risk.authority_register.v1, kye.evidence.tool_call.v1engines: internal, internalconstitution_refs: constitution/21-DELEGATED-AUDITABILITY.md |