What is Essential Eight?
Eight prioritised mitigation strategies from the Australian Signals Directorate — a baseline expectation for many Australian government entities.
Definition
The Essential Eight is a set of eight prioritised mitigation strategies developed by the Australian Signals Directorate (ASD) to help organisations protect against cyber threats. It sits within the ASD’s broader “Strategies to Mitigate Cyber Security Incidents” and is measured across four maturity levels (0–3).
While designed with Australian government entities in mind, the Essential Eight is widely adopted across Australian industry as a practical, high-impact security baseline.
The eight strategies
Application control
Prevent unapproved programs from running.
Patch applications
Fix known application vulnerabilities quickly.
Configure Office macros
Block untrusted macros from the internet.
User application hardening
Disable risky features and web content.
Restrict admin privileges
Limit and control administrative access.
Patch operating systems
Keep operating systems current and supported.
Multi-factor authentication
Verify users with more than a password.
Regular backups
Back up data and test restoration.
Who needs to comply?
The Essential Eight is expected of many Australian federal government entities and is broadly recommended for Australian businesses seeking a strong, prioritised security baseline.
How ISpectra helps
ISpectra assesses your current Essential Eight maturity level, closes gaps across the eight strategies, and helps you reach and evidence your target maturity.
Talk to an advisor