Frameworks / Essential Eight

Essential Eight assessment, remediation & maturity uplift

The Essential Eight, developed by the Australian Cyber Security Centre (ACSC), is a baseline cybersecurity framework increasingly referenced by enterprise buyers and regulators worldwide. We assess your current maturity level, remediate gaps, and help you reach your target maturity — whether that's ML1, ML2, or ML3.

Book an E8 Assessment →

What is the Essential Eight?

The Essential Eight is a set of eight mitigation strategies recommended by the Australian Signals Directorate (ASD) to protect organisations against cyber threats. Originally published as the "Top 4" and expanded to eight, these strategies address the most common attack vectors and are now a de facto requirement for many Australian government contracts and increasingly expected by enterprise clients and regulators.

The eight strategies

  • Application Control — Prevent execution of unapproved and malicious programs
  • Patch Applications — Apply patches to applications within defined timeframes
  • Configure Microsoft Office Macro Settings — Block macros from the internet, only allow vetted macros
  • User Application Hardening — Configure web browsers and other apps to block risky content
  • Restrict Administrative Privileges — Limit admin access to those who need it
  • Patch Operating Systems — Apply OS patches within defined timeframes
  • Multi-Factor Authentication — Require MFA for all users accessing sensitive systems
  • Regular Backups — Perform, test, and protect backups of important data

How CypherLeap delivers

1

Maturity Assessment

We assess your current Essential Eight maturity level across all eight strategies using ASD's maturity model. You receive a detailed report showing your current state, gaps, and a prioritised remediation roadmap.

2

Remediation & Implementation

Our engineers implement the technical controls required to reach your target maturity level. This includes policy configuration, tool deployment, process development, and integration with your existing infrastructure.

3

Validation & Evidence

We validate all controls are operating effectively and compile the evidence package needed to demonstrate compliance to auditors, regulators, or clients.

4

Ongoing Maintenance

Essential Eight compliance isn't set-and-forget. We provide ongoing monitoring, patching management, and quarterly maturity reviews to ensure you maintain and improve your posture.

Essential Eight at a Glance

Assessment time2–3 weeks
ML1 remediation4–8 weeks
ML2 remediation8–16 weeks
ML3 remediation16–24 weeks

Who needs Essential Eight?

Financial services (APRA)Healthcare providersGovernment contractorsDefence suppliers (DISP)Any Australian business