

# User application hardening
<a name="user-application-hardening"></a>



<table>
<thead>
  <tr><th>Essential Eight control</th><th>Implementation guidance</th><th>AWS resources</th><th>AWS Well-Architected guidance</th></tr>
</thead>
<tbody>
  <tr><td>Web browsers do not process Java from the internet.</td><td rowspan="14">See <a href="https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/small-business-cyber-security/small-business-cloud-security-guide/technical-example-user-application-hardening">Technical example: User application hardening</a> (ACSC website)</td><td rowspan="14">Not applicable</td><td rowspan="14">Not applicable</td></tr>
  <tr><td>Web browsers do not process web advertisements from the internet.</td></tr>
  <tr><td>Internet Explorer 11 is disabled or removed.</td></tr>
  <tr><td>Microsoft Office is blocked from creating child processes.</td></tr>
  <tr><td>Microsoft Office is blocked from creating executable content.</td></tr>
  <tr><td>Microsoft Office is blocked from injecting code into other processes.</td></tr>
  <tr><td>Microsoft Office is configured to prevent activation of OLE packages.</td></tr>
  <tr><td>PDF software is blocked from creating child processes.</td></tr>
  <tr><td>ACSC or vendor hardening guidance for web browsers, Microsoft Office and PDF software is implemented.</td></tr>
  <tr><td>Web browser, Microsoft Office and PDF software security settings cannot be changed by users.</td></tr>
  <tr><td>.NET Framework 3.5 (includes .NET 2.0 and 3.0) is disabled or removed.</td></tr>
  <tr><td>Windows PowerShell 2.0 is disabled or removed.</td></tr>
  <tr><td>PowerShell is configured to use Constrained Language Mode.</td></tr>
  <tr><td>Blocked PowerShell script executions are centrally logged and protected from unauthorised modification and deletion, monitored for signs of compromise, and actioned when cyber security events are detected.</td></tr>
</tbody>
</table>
