Glossary · Australian Compliance

Essential Eight

The Australian Cyber Security Centre's recommended baseline of eight mitigation strategies for protecting business systems against cyber threats.

In detail

The Essential Eight is published by the Australian Signals Directorate's Australian Cyber Security Centre (ACSC). The eight mitigations are: application control, patch applications, configure Microsoft Office macro settings, user application hardening, restrict administrative privileges, patch operating systems, multi-factor authentication, and regular backups. Each mitigation is rated against a four-level maturity model from zero (not implemented) to three (fully aligned). The Essential Eight is the de facto baseline for any Australian organisation that takes security seriously.

Why it matters for Australian business

The Essential Eight is the most common framework Australian boards and funders ask about. Government suppliers are typically required to demonstrate maturity-level alignment. For private SMBs it is voluntary but increasingly the expected starting point. We align all our infrastructure work to the Essential Eight and can document where a client sits against each maturity level.
