Quick scorecard
We'll show your current maturity for each control and a 90‑day plan to lift the weakest areas first.
The eight controls, simplified
| Control | What it means | What we do |
|---|---|---|
| Application control | Only trusted apps run | Whitelisting policies, publisher rules |
| Patch applications | Software is up to date | Patch cadence, urgent CVE process |
| Configure MS Office macros | Macros don't auto‑run | Block unsigned macros, trusted locations |
| User application hardening | Block risky features | Browser hardening, disable legacy auth |
| Restrict admin privileges | Fewer admins, fewer gaps | Role redesign, just‑in‑time elevation |
| Patch operating systems | OS is current | Rings, maintenance windows, reporting |
| Multi‑factor authentication | MFA everywhere it matters | CA policies, phishing‑resistant options |
| Regular backups | Recover when things go wrong | Immutable backups, tested restores |
Roadmap: assess → remediate → monitor
1
Assess
Evidence‑based baseline with quick wins.
2
Remediate
Policies, patching, and training rolled out in phases.
3
Monitor
Monthly checks, drift alerts, and improvement backlog.
Evidence & reporting
- • Audit‑friendly reports and change logs
- • Board‑level summaries with risk ratings
- • Proof of backup tests and incident post‑mortems
Bundle with support
Controls stick when helpdesk, patching, and policies are handled together.
Pair with /mdr-edr/ for 24/7 eyes‑on.
FAQs
Will staff notice?
Minimal disruption. We communicate and phase changes.
How long does uplift take?
Typical 6–12 weeks for baseline maturity.
Is this overkill for small teams?
No—the controls scale down cleanly.