The Essential Eight is the ASD/ACSC baseline of eight mitigation strategies recommended to make systems harder to compromise. This tool walks you through every one and scores your maturity, so you know exactly where you stand.
The eight mitigation strategies
The assessment covers all eight strategies as published by the ACSC:
- Application control
- Patch applications
- Configure Microsoft Office macro settings
- User application hardening
- Restrict administrative privileges
- Patch operating systems
- Multi-factor authentication
- Regular backups
Maturity scoring, ML0 to ML3
Each strategy is scored against the Essential Eight Maturity Model, from Maturity Level Zero (ML0) through to Maturity Level Three (ML3). You record your position control by control, attach evidence and notes, and see your overall maturity at a glance. For what each level means, see Essential Eight maturity levels explained.
Gaps, remediation and reporting
The tool highlights where you fall short of your target level and lets you plan remediation, then track progress over time as you close the gaps. When you are ready, export a review-ready PDF that shows your maturity and evidence to a board, client or auditor. Gaps flow into the cyber risk register so treatment and compliance stay in sync.
Frequently asked questions
What is the Essential Eight?
The Essential Eight is a baseline of eight mitigation strategies from the ASD/ACSC, recommended to make it harder for adversaries to compromise systems. It is prioritised and technical, and maturity is measured from ML0 to ML3.
Does the tool upload my assessment?
No. Assessments are stored in your own browser; the contents are never uploaded. Only your account and subscription status are stored, via Supabase and Stripe.
Is this an official ACSC assessment?
No. It is a self-assessment aid to help you prepare and track maturity. It does not replace an independent assessment by a qualified assessor.