ACSC Essential Eight Assessment (E8) Process Guide

The Australian Cyber Security Centre (ACSC) has developed prioritised mitigation strategies, in the form of the Strategies to Mitigate Cyber Security Incidents, to help organisations protect themselves against various cyber threats. The most effective of these mitigation strategies are the Essential Eight.

The Essential Eight Maturity Model, first published in June 2017 and updated regularly, supports the implementation of the Essential Eight. It is based on the ACSC’s experience in producing cyber threat intelligence, responding to cyber security incidents, conducting penetration testing and assisting organisations to implement the Essential Eight.

As the Essential Eight outlines a minimum set of preventative measures, organisations need to implement additional measures where it is warranted by their environment. Further, while the Essential Eight can help to mitigate the majority of cyber threats, it will not mitigate all cyber threats. As such, additional mitigation strategies and security controls need to be considered, including those from the Strategies to Mitigate Cyber Security Incidents and the Information Security Manual (ISM).

Organisations should also consider implementing a cyber security maturity model to help them identify areas of strength and weakness in their existing security posture. This will allow organisations to track progress over time and make informed decisions about where further investment is needed. Additionally, it is important for organisations to have processes in place for responding quickly and effectively when a cyber incident does