📄 Essential Eight Evidence Requirements (MVP)

What It Does

GetCimple helps companies collect and track evidence for Essential Eight compliance. We focus on what auditors actually need to see.

Evidence Collection by Control

1. Application Control

  • Evidence Needed: Whitelist policies, blocked application logs
  • GetCimple Tracks: Policy versions, exception approvals

2. Patch Applications

  • Evidence Needed: Patch status reports, deployment schedules
  • GetCimple Tracks: Patching compliance percentages, overdue systems

3. Configure Microsoft Office Macro Settings

  • Evidence Needed: Group policy settings, macro blocking logs
  • GetCimple Tracks: Policy deployment status, exceptions

4. User Application Hardening

  • Evidence Needed: Browser settings, PDF reader configs
  • GetCimple Tracks: Hardening checklist completion

5. Restrict Administrative Privileges

  • Evidence Needed: Admin user lists, privilege reviews
  • GetCimple Tracks: Admin account inventory, review dates

6. Patch Operating Systems

  • Evidence Needed: OS patch reports, critical update status
  • GetCimple Tracks: System patch compliance, critical vulnerabilities

7. Multi-factor Authentication

  • Evidence Needed: MFA enrollment reports, coverage metrics
  • GetCimple Tracks: MFA adoption rates, exception tracking

8. Regular Backups

  • Evidence Needed: Backup logs, restoration test results
  • GetCimple Tracks: Backup success rates, test schedules

How It Works

  1. Manual Entry: IT staff enter evidence status monthly
  2. Document Upload: Attach screenshots and reports
  3. Automated Tracking: Dashboard shows compliance gaps
  4. Board Reporting: Generate evidence summaries for directors

Business Value

  • Know what evidence auditors will ask for
  • Track compliance in one place
  • Avoid last-minute scrambles during audits
  • Give directors confidence in compliance status

Future Enhancements

After the MVP, enhancements may include:

  • API integrations for automated evidence collection
  • Direct connections to security tools
  • Real-time compliance monitoring

For now, we focus on organizing manual evidence collection effectively.