ML0 to ML3, control by control

Essential Eight Assessment Tool

Assess all eight ASD/ACSC mitigation strategies, score your maturity from ML0 to ML3, and track evidence and remediation - in your browser, with nothing uploaded.

The Essential Eight is the ASD/ACSC baseline of eight mitigation strategies recommended to make systems harder to compromise. This tool walks you through every one and scores your maturity, so you know exactly where you stand.

The eight mitigation strategies

The assessment covers all eight strategies as published by the ACSC:

Maturity scoring, ML0 to ML3

Each strategy is scored against the Essential Eight Maturity Model, from Maturity Level Zero (ML0) through to Maturity Level Three (ML3). You record your position control by control, attach evidence and notes, and see your overall maturity at a glance. For what each level means, see Essential Eight maturity levels explained.

Gaps, remediation and reporting

The tool highlights where you fall short of your target level and lets you plan remediation, then track progress over time as you close the gaps. When you are ready, export a review-ready PDF that shows your maturity and evidence to a board, client or auditor. Gaps flow into the cyber risk register so treatment and compliance stay in sync.

Note: Cyber Compliance is a self-assessment and reporting aid, not a certification, audit or legal advice. Outputs help you prepare and track gaps; confirm your position with a qualified auditor, certification body or legal adviser before relying on it.

Frequently asked questions

What is the Essential Eight?

The Essential Eight is a baseline of eight mitigation strategies from the ASD/ACSC, recommended to make it harder for adversaries to compromise systems. It is prioritised and technical, and maturity is measured from ML0 to ML3.

Does the tool upload my assessment?

No. Assessments are stored in your own browser; the contents are never uploaded. Only your account and subscription status are stored, via Supabase and Stripe.

Is this an official ACSC assessment?

No. It is a self-assessment aid to help you prepare and track maturity. It does not replace an independent assessment by a qualified assessor.

Start your free trial