ISpectra Technologies
Government · Security Baseline

What is Essential Eight?

Eight prioritised mitigation strategies from the Australian Signals Directorate — a baseline expectation for many Australian government entities.

Definition

The Essential Eight is a set of eight prioritised mitigation strategies developed by the Australian Signals Directorate (ASD) to help organisations protect against cyber threats. It sits within the ASD’s broader “Strategies to Mitigate Cyber Security Incidents” and is measured across four maturity levels (0–3).

While designed with Australian government entities in mind, the Essential Eight is widely adopted across Australian industry as a practical, high-impact security baseline.

The eight strategies

1

Application control

Prevent unapproved programs from running.

2

Patch applications

Fix known application vulnerabilities quickly.

3

Configure Office macros

Block untrusted macros from the internet.

4

User application hardening

Disable risky features and web content.

5

Restrict admin privileges

Limit and control administrative access.

6

Patch operating systems

Keep operating systems current and supported.

7

Multi-factor authentication

Verify users with more than a password.

8

Regular backups

Back up data and test restoration.

Who needs to comply?

The Essential Eight is expected of many Australian federal government entities and is broadly recommended for Australian businesses seeking a strong, prioritised security baseline.

How ISpectra helps

ISpectra assesses your current Essential Eight maturity level, closes gaps across the eight strategies, and helps you reach and evidence your target maturity.

Talk to an advisor