The Essential Eight Maturity Model was first published in June 2017 and is updated regularly.
The Australian Cyber Security Centre (ACSC) has further strengthened the implementation guidance for the Essential Eight through changes that reflect its experience in producing cyber threat intelligence, responding to cyber security incidents, conducting penetration testing and assisting organisations to implement the Essential Eight.
The Essential Eight is a series of baseline mitigation strategies taken from the Strategies to Mitigate Cyber Security Incidents recommended for organisations. Implementing these strategies as a minimum makes it much harder for adversaries to compromise systems.
While no single mitigation strategy is guaranteed to prevent cyber security incidents, organisations are recommended to implement eight essential mitigation strategies as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems. Furthermore, implementing the Essential Eight proactively can be more cost-effective in terms of time, money and effort than having to respond to a large-scale cyber security incident.
There is a suggested implementation order for each adversary type to assist organisations in building a strong cyber security posture for their systems. Once organisations have implemented their desired mitigation strategies to an initial level, they should focus on increasing the maturity of their implementation such that they eventually reach full alignment with the intent of each mitigation strategy.
The Essential Eight Maturity Model now prioritises the implementation of all eight mitigation strategies as a package due to their complementary nature and focus on various cyber threats. Organisations should fully achieve a maturity level across all eight mitigation strategies before moving to achieve a higher maturity level.
There is also an increased emphasis on risk management, which includes better enabling organisations to manage risks associated with legacy systems.
Changes to the Essential Eight Maturity Model follow a thorough review by the ACSC which included consultation with government and industry partners.
The ACSC’s Essential Eight are the most effective mitigation strategies organisations can adopt to protect themselves against cyber threats, and the Essential Eight Maturity Model is designed to assist organisations to implement them.