An Essential 8 assessment is an assessment of an organization’s cybersecurity posture against the Australian Cyber Security Centre’s (ACSC) Essential Eight mitigation strategies. This assessment is conducted using the Essential Eight Maturity Model which is based on mitigating increasing levels of adversary targeting and tradecraft.
The Essential Eight Maturity Model is divided into three target maturity levels: Maturity Level One, Maturity Level Two, and Maturity Level Three.
Each of these levels represents a different level of security maturity, with Maturity Level One being the lowest and Maturity Level Three being the highest.
At Maturity Level One, an organization is expected to have implemented the basic controls of the Essential Eight. These controls include implementing application whitelisting, patching applications, patching operating systems, using multi-factor authentication, using restricted administrative privileges, using secure configurations, using email filtering, and using endpoint security.
At Maturity Level Two, an organization is expected to have implemented the basic controls of the Essential Eight, as well as additional controls such as application control, user activity monitoring, and data loss prevention.
At Maturity Level Three, an organization is expected to have implemented the basic controls of the Essential Eight, as well as additional controls such as application control, user activity monitoring, data loss prevention, and advanced threat protection. An Essential 8 assessment is an important tool for organizations to assess their cybersecurity posture and ensure that they are taking the necessary steps to protect their data and systems from malicious actors.
.png)
.png)
.png)
.png)