Essential Eight Assessment
Independent assessment of current maturity against the ACSC Essential Eight model, with a prioritised roadmap to the target maturity level.
What is an Essential Eight assessment?
The Essential Eight is the ACSC’s set of eight prioritised cyber security mitigation strategies. The Australian Government requires Commonwealth entities to implement the Essential Eight at Maturity Level 2 or above. Many state government agencies and private sector organisations use the same model as a baseline security standard.
A maturity assessment evaluates your current implementation across all eight strategies against the ACSC Essential Eight Maturity Model. It establishes where you are today, where your gaps are relative to your target maturity level, and what you need to do to close them.
Who needs an Essential Eight assessment?
Government agencies: Commonwealth entities with a mandate to achieve Essential Eight ML2 or above. State government agencies with equivalent requirements. Agencies preparing for an IRAP assessment where the Essential Eight is part of the scope.
Commercial organisations: Organisations required to demonstrate Essential Eight compliance as a condition of a government contract, an insurance policy, or a supplier security questionnaire. Also relevant for organisations using the Essential Eight as a practical security baseline before pursuing ISO 27001 certification.
How does the assessment work?
- Phase 1: Documentation and configuration review. This involves a review of security policies, configuration baselines, patch management records, and access control documentation against each Essential Eight strategy at the target maturity level.
- Phase 2: Reporting. We deliver the assessment report, maturity heatmap, and remediation roadmap.
Deliverables
- Maturity assessment report with findings against all eight strategies,
- Maturity heatmap showing current vs target state by strategy,
- Prioritised remediation roadmap with effort estimates, and
- An executive summary suitable for board or leadership reporting.
Timeline
3 to 6 weeks depending on assessment boundary size and documentation maturity.
Pricing
Contact us to discuss scope and pricing. Assessments are priced based on assessment boundary size and target maturity level.
Based in Australia. Serving Globally.
Listed on BuyICT and selected Australian government procurement panels, including NSW SCM0020.
Our practitioners bring senior CISO experience across SMBs, government, education, healthcare, not-for-profit, financial services, and technology. Every engagement is led by an experienced practitioner from scoping through to delivery.
Talk to Our Experts
We provide a large range of security services.
Reach out to us for a no-obligation, confidential conversation.