User application hardening

Essential Eight control	Implementation guidance	AWS resources	AWS Well-Architected guidance
Web browsers do not process Java from the internet.	See Technical example: User application hardening (ACSC website)	Not applicable	Not applicable
Web browsers do not process web advertisements from the internet.
Internet Explorer 11 is disabled or removed.
Microsoft Office is blocked from creating child processes.
Microsoft Office is blocked from creating executable content.
Microsoft Office is blocked from injecting code into other processes.
Microsoft Office is configured to prevent activation of OLE packages.
PDF software is blocked from creating child processes.
ACSC or vendor hardening guidance for web browsers, Microsoft Office and PDF software is implemented.
Web browser, Microsoft Office and PDF software security settings cannot be changed by users.
.NET Framework 3.5 (includes .NET 2.0 and 3.0) is disabled or removed.
Windows PowerShell 2.0 is disabled or removed.
PowerShell is configured to use Constrained Language Mode.
Blocked PowerShell script executions are centrally logged and protected from unauthorised modification and deletion, monitored for signs of compromise, and actioned when cyber security events are detected.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Configure Microsoft Office macro settings

Restrict administrative privileges