ACSC essential eight

What is the ACSC Essential 8 (E8)?

While all organisations operate differently and have different risk profiles, no single mitigation strategy is guaranteed to prevent cyber-security incidents from occurring. The ACSC’s recommendation of implementing the Essential 8 (E8) mitigation strategies as a baseline effectively makes it harder for adversaries to compromise systems. ACSC found that an effective implementation of Essential 8 strategies can mitigate 85% of cyber threats. Proactive approaches to implementing these strategies are cost-effective solutions in terms of time, money and effort than simply being reactive to responding to large scale cyber-security incidents. The NSW Government’s Cyber Security Policy requires the implementation, amongst others, of the Australian Cyber Security Centre’s (ACSC) Essential 8 security controls. The policy requires (Requirement 3.1 and 3.2) an independent annual assessment of all mandatory requirements in the policy for the previous financial year, including a maturity assessment (referred to by Sekuro as ‘gap and maturity assessment’) against the ACSC Essential 8. ACSC’s recommended implementation order for each adversary can assist organisations in building a strong cyber-security posture for their business and the support systems, which are critical to an organisation’s success in delivering business objectives, i.e., no business interruption due to a cyber-security incident.

ACSC Essential 8 Controls and their Importance:

The Essential 8 strategies focus on 3 key objectives for mitigation strategy. The infographic below explains each of the mitigation strategies, the controls, and the importance of these controls:

Effective implementation of these controls is a starting point, and continual improvement to bring maturity is key in keeping up with the changing cyber threat landscape. Once the baseline controls are implemented, organisations should focus on increasing the maturity of their implementation such that they eventually reach full alignment in keeping the intent of each mitigation strategy.

ACSC Essential 8 (E8)

ACSC has defined three maturity levels to assist organisations in determining the maturity of their implementation. The maturity criteria defined in ACSC Maturity Model includes:    

  • Maturity Level 1 – Partly aligned with intent of mitigation strategy.
  • Maturity Level 2 – Mostly aligned with intent of mitigation strategy.
  • Maturity Level 3 – Fully aligned with intent of mitigation strategy.

Sekuro’s ACSC Essential 8 Maturity Assessment Approach

Sekuro follows a mature assessment and auditing approach to provide organisations with assurance on its effective alignment with the Essential 8 controls and roadmap to achieve the highest level of maturity.

Our assessment process leverages the people, process, and technology aspects with a combination of advanced auditing tools to provide an objective assessment of risk and compliance to the Essential 8 controls.

ACSC Table | Privasec


Our reports provide a holistic and detailed view of the organisation’s current compliance to the Essential 8, cyber-risk exposure profile and the current maturity. We also deliver a detailed compliance roadmap against each of the mitigation strategies, with recommendations of ways to achieve the highest level of maturity.

These reports form a baseline for the Annual Compliance Reporting and can be used to support the organisation’s cyber-security reporting, for example, NSW Cyber Security Policy Annual reporting and attestations submissions to relevant governance bodies including the Cyber Security Senior Officers Group (CSSOG) and the ICT and Digital Leadership Group (IDLG).

Already know what you are after?

Get a quick quote from our consultants.

Scroll to Top