# ISM - Essential Eight Maturity Level Mapping
The table below illustrates how Endpoint Central's capabilities align with the maturity levels of the Essential Eight framework. Additionally, we have included the ISM Controls [sourced directly](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight/essential-eight-maturity-model-ism-mapping) from the ASD website. While the ASD clearly distinguishes ISM Controls and the Essential Eight as separate cybersecurity frameworks, it emphasizes that the Essential Eight serves as a baseline framework. This mapping aims to streamline and simplify the practical application of both frameworks.
### Note:
This mapping outlines the requirements and controls that Endpoint Central fulfills. While most of the Essential Eight requirements can be addressed directly through Endpoint Central, certain needs, such as event logging, can be met using SIEM tools. Endpoint Central seamlessly [integrates](https://www.manageengine.com/products/desktop-central/integration.html) with popular SIEM tools like ManageEngine EventLog Analyzer, ManageEngine Log360, Rapid7, Splunk, and others.
## Maturity Level 1:
| Mitigation Strategy | Essential Eight Requirement | ISM Control | How Endpoint Central helps |
|---|---|---|---|
| Patch applications | An automated method of asset discovery is used at least fortnightly to support the detection of assets for subsequent vulnerability scanning activities. | ISM-1807 | Endpoint Central uses its agents to fetch the complete details of the inventory present in your IT environment.<br>Refer to the types of [Inventory scans](https://www.manageengine.com/products/desktop-central/help/inventory/scan_systems_for_inventory.html) leveraged by Endpoint Central for monitoring your IT environment.<br>Admins can configure [Inventory Alerts](https://www.manageengine.com/products/desktop-central/help/inventory/configure_email_alerts_for_inventory.html) in case of any unauthorized changes taking place inside your IT network.<br>Endpoint Central provides [comprehensive vulnerability management](https://www.manageengine.com/vulnerability-management/features.html), with constant assessment and visibility of threats from a single console.<br>Apart from vulnerability assessment, it also provides built-in remediation of the vulnerabilities detected.<br>Endpoint Central provides comprehensive patch support for Windows, Linux, macOS, and Windows Server OS. It can also patch [1,000+ third party applications](https://www.manageengine.com/patch-management/supported-applications.html), hardware drivers, and BIOS.<br>Endpoint Central has a vulnerability age matrix and vulnerability severity summary, which can provide rich insights about the impact of patch implementation. Endpoint Central also provides comprehensive reports on vulnerable systems and missing patches in your IT environment.<br>**Endpoint Central's SLA for patches:**<br>- **Third-party updates** are supported within **6-9 hours** from vendor release.<br>- Security updates are supported within 12-18 hours from vendor release.<br>- Non-security updates are supported within 24 hours from vendor release.<br>Endpoint Central's comprehensive patching solution helps you achieve [high patch compliance](https://www.manageengine.com/patch-management/patch-compliance.html).<br>Endpoint Central [integrates with Tenable](https://www.manageengine.com/products/desktop-central/tenable-integration.html) for extensive vulnerability detection. |
| Patch applications | A vulnerability scanner with an up-to-date vulnerability database is used for vulnerability scanning activities. | ISM-1808 | |
| Patch applications | A vulnerability scanner is used at least daily to identify missing patches or updates for vulnerabilities in online services. | ISM-1698 | |
| Patch applications | A vulnerability scanner is used at least weekly to identify missing patches or updates for vulnerabilities in office productivity suites, web browsers and their extensions, email clients, PDF software, and security products. | ISM-1699 | |
| Patch applications | Patches, updates or other vendor mitigations for vulnerabilities in online services are applied within 48 hours of release when vulnerabilities are assessed as critical by vendors or when working exploits exist. | ISM-1876 | |
| Patch applications | Patches, updates or other vendor mitigations for vulnerabilities in online services are applied within two weeks of release when vulnerabilities are assessed as non-critical by vendors and no working exploits exist. | ISM-1690 | |
| Patch applications | Patches, updates or other vendor mitigations for vulnerabilities in office productivity suites, web browsers and their extensions, email clients, PDF software, and security products are applied within two weeks of release. | ISM-1691 | |
| Patch applications | Office productivity suites, web browsers and their extensions, email clients, PDF software, Adobe Flash Player, and security products that are no longer supported by vendors are removed. | ISM-1704 | |
## Maturity Level 2:
| Mitigation Strategy | Essential Eight Requirement | ISM Control | How Endpoint Central helps |
|---|---|---|---|
| Patch applications | An automated method of asset discovery is used at least fortnightly to support the detection of assets for subsequent vulnerability scanning activities. | ISM-1807 | Endpoint Central uses its agents to fetch the complete details of the inventory present in your IT environment.<br>Refer to the types of [Inventory scans](https://www.manageengine.com/products/desktop-central/help/inventory/scan_systems_for_inventory.html) leveraged by Endpoint Central for monitoring your IT environment.<br>Admins can configure [Inventory alerts](https://www.manageengine.com/products/desktop-central/help/inventory/configure_email_alerts_for_inventory.html) in case of any unauthorized changes taking place inside your IT network.<br>Endpoint Central provides [comprehensive vulnerability management](https://www.manageengine.com/vulnerability-management/features.html), with constant assessment and visibility of threats from a single console.<br>Apart from vulnerability assessment, it also provides built-in remediation of the vulnerabilities detected.<br>Endpoint Central [integrates with Tenable](https://www.manageengine.com/products/desktop-central/tenable-integration.html) for extensive vulnerability detection.<br>Endpoint Central provides comprehensive patch support for Windows, Linux, macOS, and Windows Server OS. It can also patch [1,000+ third party applications, hardware drivers, and BIOS](https://www.manageengine.com/patch-management/third-party-applications-patch-management.html).<br>Endpoint Central has a vulnerability age matrix and vulnerability severity summary, which can provide rich insights about the impact of patch implementation. Endpoint Central also provides comprehensive reports on vulnerable systems and missing patches in your IT environment.<br>**Endpoint Central's SLA for patches:**<br>- **Third-party updates** are supported within **6-9 hours** from vendor release.<br>- Security updates are supported within 12-18 hours from vendor release.<br>- Non-security updates are supported within 24 hours from vendor release.<br>Endpoint Central's comprehensive patching solution helps you achieve high patch compliance. |
## Maturity Level 3:
| Mitigation Strategy | Essential Eight Requirement | ISM Control | How Endpoint Central helps |
|---|---|---|---|
| Patch applications | An automated method of asset discovery is used at least fortnightly to support the detection of assets for subsequent vulnerability scanning activities. | ISM-1807 | Endpoint Central uses its agents to fetch the complete details of the inventory present in your IT environment.<br>Refer to the types of [Inventory scans](https://www.manageengine.com/products/desktop-central/help/inventory/scan_systems_for_inventory.html) leveraged by Endpoint Central for monitoring your IT environment.<br>Admins can configure [Inventory alerts](https://www.manageengine.com/products/desktop-central/help/inventory/configure_email_alerts_for_inventory.html) in case of any unauthorized changes taking place inside your IT network.<br>Endpoint Central provides [comprehensive vulnerability management](https://www.manageengine.com/vulnerability-management/features.html), with constant assessment and visibility of threats from a single console.<br>Apart from vulnerability assessment, it also provides built-in remediation of the vulnerabilities detected.<br>Endpoint Central [integrates with Tenable](https://www.manageengine.com/products/desktop-central/tenable-integration.html) for extensive vulnerability detection.<br>Endpoint Central has a vulnerability age matrix and vulnerability severity summary, which can provide rich insights about the impact of patch implementation. Endpoint Central also provides comprehensive reports on vulnerable systems and missing patches in your IT environment.<br>Endpoint Central provides comprehensive patch support for Windows, Linux, macOS, and Windows Server OS. It can also patch [1,000+ third party applications, hardware drivers, and BIOS](https://www.manageengine.com/patch-management/supported-applications.html).<br>**Endpoint Central's SLA for patches:**<br>- **Third-party updates** are supported within **6-9 hours** from vendor release.<br>- Security updates are supported within 12-18 hours from vendor release.<br>- Non-security updates are supported within 24 hours from vendor release.<br>Endpoint Central's comprehensive patching solution helps you achieve high patch compliance.<br>Endpoint Central helps you monitor your network endpoints continuously and detect [end-of-life software, peer-to-peer software, and remote sharing tools present in them](https://www.manageengine.com/vulnerability-management/high-risk-software-audit.html). It also shows admins the expiry date and the number of days remaining before software in your network reaches end of life. |