Essential Eight Maturity Model
Essential Security for your Business
The Essential Eight is a set of mitigation strategies developed by the Australian Cyber Security Centre (ACSC) to help organisations protect themselves against cyber attacks. Implementing these strategies is essential for any organisation that wants to prevent a large percentage of common cyber attacks. This page provides information about the different strategies included in the Essential Eight, as well as detailing our services to help organisations implement these strategies and stay secure. By implementing the Essential Eight, organisations can improve their security posture, reduce the risk of cyber attacks, comply with regulatory requirements, and improve customer trust and reputation.
To assist organisations in determining the maturity of their implementation of the Essential Eight, three maturity levels have been defined for each mitigation strategy. The maturity levels are defined as:
Maturity Level One
Partly aligned with the intent of the mitigation strategy
Maturity Level Two
Mostly aligned with the intent of the mitigation strategy
Maturity Level Three
Fully aligned with the intent of the mitigation strategy
alltasksITs Essential 8 Webinar
Watch our Essential 8 Webinar recording to learn more about the Essential 8 and the different maturity levels to suit your business.
The Essential 8 Maturity Model
Discover the power of the Essential Eight Maturity Model and unlock a comprehensive view of how your business can effectively defend against cyber threats across all aspects of your operations.
Prevent executable, script, HTML, and control panel applet execution on workstations from standard user profiles & temporary folders.
Microsoft Office macros
User application hardening
Operating system patching
What maturity level should your business aim for?
To ensure robust protection against cyber threats, it is recommended that organisations strive to achieve Maturity Level Three for each mitigation strategy outlined in the Essential 8 framework. However, certain organisations may face greater risks due to factors such as the level of targeted attacks or the nature of their operations. In such cases, the Australian Cyber Security Centre (ACSC) may determine that a higher level of maturity is necessary and will provide customised guidance to meet the unique needs of the organisation.