Essential Eight Self-Assessment Quiz Australia
Assess your organisation's cybersecurity maturity against the Australian Cyber Security Centre's Essential Eight framework. Get your maturity level score and actionable improvement recommendations.
About the Essential Eight Framework
The Essential Eight is a prioritised list of mitigation strategies developed by the Australian Cyber Security Centre (ACSC) to help organisations protect themselves against cyber threats. These strategies are designed to be the baseline for organisations of all sizes.
Application Control
Prevent execution of unapproved applications including .exe, DLL, scripts, and installers.
Prevent malware execution
Patch Applications
Patch applications (e.g., Flash, web browsers, Microsoft Office, Java) within 48 hours if a critical vulnerability exists.
Prevent malware execution
Configure Microsoft Office Macros
Block macros from the internet, and only allow vetted macros in trusted locations with limited write access.
Prevent malware execution
User Application Hardening
Configure web browsers to block Flash, ads, and Java. Disable unneeded features in Microsoft Office and PDF readers.
Prevent malware execution
Restrict Admin Privileges
Restrict administrative privileges to operating systems and applications based on user duties.
Limit cyber intrusion extent
Patch Operating Systems
Patch operating systems within 48 hours if a critical vulnerability exists. Use the latest OS version.
Limit cyber intrusion extent
Multi-Factor Authentication
Implement MFA for VPNs, RDP, SSH, and other remote access, as well as for privileged users.
Limit cyber intrusion extent
Regular Backups
Perform daily backups of important data, software, and configuration settings. Store backups disconnected and test restoration.
Recover data and availability
Maturity Levels Explained
Not Aligned
The mitigation strategy is not implemented or only partially implemented with significant gaps.
Partly Aligned
Basic implementation with some controls in place. Suitable for small organisations with low risk.
Mostly Aligned
Intermediate controls implemented. Recommended baseline for most Australian organisations.
Fully Aligned
Advanced controls fully implemented. Required for high-security environments and government.
Frequently Asked Questions
What is the Essential Eight?
The Essential Eight is a cybersecurity framework developed by the Australian Cyber Security Centre (ACSC). It comprises eight mitigation strategies that, when implemented, make it much harder for adversaries to compromise systems. The strategies cover application control, patching, macro settings, user application hardening, admin privileges, multi-factor authentication, backups, and patching operating systems.
Is Essential Eight mandatory in Australia?
Essential Eight is mandatory for Australian government agencies and is increasingly required in government contracts. While not legally required for private businesses, it is considered best practice and is often required by cyber insurance providers and enterprise clients.
What are the Essential Eight maturity levels?
The Essential Eight has four maturity levels: Level 0 (not aligned), Level 1 (partly aligned with basic controls), Level 2 (mostly aligned with intermediate controls), and Level 3 (fully aligned with advanced controls). Most organisations should aim for Level 2 as a minimum, with Level 3 for high-risk environments.