
Essential Eight Assessment Quiz

Assess your cybersecurity maturity against the ACSC Essential Eight framework. Get your maturity level score and actionable improvement recommendations.

All 8 mitigation strategies covered
Maturity level scoring (0-3)
Gap analysis report
Prioritised recommendations
Compliance roadmap


About the Framework

The Essential Eight is a prioritised list of mitigation strategies developed by the Australian Cyber Security Centre (ACSC) to help organisations protect themselves against cyber threats.

1. Application Control (Prevent malware execution)
Prevent execution of unapproved applications, including .exe files, DLLs, scripts, and installers.

2. Patch Applications (Prevent malware execution)
Patch applications within 48 hours if a critical vulnerability exists.

3. Configure Office Macros (Prevent malware execution)
Block macros from the internet, and only allow vetted macros in trusted locations.

4. User App Hardening (Prevent malware execution)
Configure web browsers to block Flash, ads, and Java. Disable unneeded features.

5. Restrict Admin Privileges (Limit cyber intrusion)
Restrict administrative privileges to operating systems and applications based on user duties.

6. Patch Operating Systems (Limit cyber intrusion)
Patch operating systems within 48 hours if a critical vulnerability exists.

7. Multi-Factor Authentication (Limit cyber intrusion)
Implement MFA for VPNs, RDP, SSH, and other remote access.

8. Regular Backups (Recover data)
Perform daily backups of important data. Store backups disconnected and test restoration.

Maturity Levels Explained

L0: Not Aligned
L1: Partly Aligned
L2: Mostly Aligned
L3: Fully Aligned

Common Questions

What is the Essential Eight?
The Essential Eight is a cybersecurity framework developed by the Australian Cyber Security Centre (ACSC). It comprises eight mitigation strategies that, when implemented, make it much harder for adversaries to compromise systems. The strategies cover application control, patching, macro settings, user application hardening, admin privileges, multi-factor authentication, backups, and patching operating systems.

Is Essential Eight mandatory in Australia?
Essential Eight is mandatory for Australian government agencies and is increasingly required in government contracts. While not legally required for private businesses, it is considered best practice and is often required by cyber insurance providers and enterprise clients.

What are the Essential Eight maturity levels?
Essential Eight has four maturity levels: Level 0 (not aligned), Level 1 (partly aligned with basic controls), Level 2 (mostly aligned with intermediate controls), and Level 3 (fully aligned with advanced controls). Most organisations should aim for Level 2 minimum, with Level 3 for high-risk environments.