Macrosine is the only product specifically designed to rapidly conform with the ADHA security requirements for Microsoft Office macros

Are you ready?

The Australian Digital Health Agency has strengthened My Health Record protections

The Australian Digital Health Agency has identified a set of security requirements for systems connecting to My Health Record, with controls aligned to the Australian Cyber Security Centre’s Information Security Manual and ‘Essential Eight’ strategies to mitigate cyber security incidents (see also Essential Eight).

These security requirements are described in a Security Requirements Conformance Profile, which is available on the ADHA Developer Centre.

Organisations and systems that connect to My Health Record must conform with the security requirements and provide evidence of how they conform. If you’re not ready for these changes then you may no longer meet the requirements to access or integrate with the My Health Record System.

What does this have to do with Microsoft Office macros?

Within the list of mandatory controls in the conformance profile there are two specific security requirements relating to Microsoft Office macros. Controls SEC-0040 and SEC-0260 describe how macros must be controlled, which includes the need to assess and digitally sign any macros that are used by a system.

Why are SEC-0040 and SEC-0260 being mandated?

Macros are small programs added to Microsoft Office files that automate repetitive tasks. They are useful for creating document templates or automating calculations within Excel and are often included in business processes. Unfortunately, if macros are not controlled, they represent a security risk, as malicious actors try to exploit them to gain access to systems and data. Because macro-enabled documents are used by business users more than IT operations or security staff, and many macro-enabled templates are available for download from the Internet, malicious actors see this as an opportunity to target less cyber-security-aware users and embed malicious content within seemingly legitimate files. The code that they include within the macros is often written to contact an external system to trigger the real threat, which makes it more difficult to detect with standard antivirus and signature-based tools.

The difficulty with macros is that their value as a business tool means that simply turning them off is not a realistic option for most organisations. Because uncontrolled macros present a real risk of compromise to an organisation’s systems and the third-party systems that they interact with, the ADHA is taking a proactive approach to cyber-security and mandating that effective macro security be implemented before a system is authorised to connect to My Health Record.

How can Macrosine help?

Conformance with the ADHA Security Requirements Conformance Profile can be achieved in a matter of days with a combination of Macrosine and the associated Windows policy settings. Macrosine provides the technical capability for rapidly assessing and applying digital signatures to macro-enabled files, and Windows device controls ensure that only macros with a digital signature can run.

By using Macrosine to conform with the revised ADHA security requirements, the business impact and effort required are significantly reduced. People within your business will no longer require security specialists to manually assess lines and lines of technical code. To support the transition and implementation of the necessary security controls, Macrosine includes detailed documentation that can be included for training and communication purposes, and the product is so intuitive to use that users can be enabled in a matter of minutes.

With Macrosine you can retain all of the productivity of Microsoft Office macros, achieve the highest possible security maturity level, ensure the lowest business impact, and meet the mandatory requirements set forth by SEC-0040 and SEC-0260.

Contact Us to make ADHA security conformance for Office Macros a good news story for your organisation today.