Essential Eight compliance for Australian businesses

The Essential Eight is the Australian Signals Directorate's set of eight baseline cyber security controls, assessed across maturity levels 0 to 3. Most regulated businesses target Maturity Level 2, and it is the current minimum for DISP membership. ASD has announced the Essential Eight will be replaced by a new Essentials series over the next two years, but the controls you invest in now carry across, and the Essential Eight remains the standard in force today.

The eight controls are application control, patching applications, configuring Microsoft Office macros, user application hardening, restricting administrative privileges, patching operating systems, multi-factor authentication, and regular backups.

Start here

What is Essential Eight Maturity Level 2, and what does it involve?

Is the Essential Eight being retired, and what is the Essentials series?

How Blue Arc helps

We run a gap assessment against your target maturity level, implement and maintain the controls, and produce the evidence you need for audits, tenders or DISP self-assessment. We have supported Australian businesses since 2004 and are experienced supporting DISP member organisations. For Defence-industry work in particular, see our DISP IT support in Canberra.

talk to us

Frequently asked questions

What Essential Eight maturity level should we target?

Most regulated Australian businesses target Maturity Level 2, and it is the minimum for DISP membership. The right target depends on your contracts, sector and risk, which we assess before recommending a level.

Is the Essential Eight still worth doing given it is being replaced?

Yes. It is the standard in force today and ASD has confirmed your investment carries across to the incoming Essentials series.