The Essential 8 was created by the Australian Cyber Security Centre (ACSC). Its objectives are to help prevent cyberattacks, limit the impact of any cyberattacks that occur, and ensure successful data recovery and system availability. According to the ACSC, the Essential 8 can help to mitigate up to 85% of cyber threats if implemented properly.
It is designed to be a baseline to protect Australian businesses against cyber threats and improve their cyber resilience. Although no single strategy is guaranteed to prevent all attacks, the Essential 8 helps businesses understand risk mitigation strategies that can be implemented.
The Essential 8 framework includes the following sections:
- Application Control
- Patch Management
- Configure Microsoft Office Macro Settings
- User Application Hardening
- Restrict Administrative Privileges
- Patch Operating Systems
- Multi-factor Authentication
- Regular Backups
The ACSC identifies different Maturity Levels that businesses should strive to achieve.
These maturity levels are:
Maturity Level 0:
All businesses start at level 0 until an assessment is conducted to confirm you are meeting all 8 of the recommendations. If ANY of the recommendations are not met, then a Maturity Level 0 is given.
Maturity Level 1:
Generally suitable for small to medium enterprises. For a business to obtain a Maturity Level 1, it needs to achieve ALL 8 recommendations at the most basic level.
Maturity Level 2:
Suitable for large enterprises. Businesses that are aligned with all 8 of the recommendations and have a stronger cyber security strategy can achieve Maturity Level 2.
Maturity Level 3:
Suitable for critical infrastructure providers and other organizations that operate in a high-threat environment. Businesses that have more capability to protect, detect, recover, and minimize their cyber security risk by implementing recommendations through all 3 maturity levels can achieve Maturity Level 3.