What is Essential Eight Maturity Level 1?
Essential Eight Maturity Level 1 is the entry tier of the Australian Signals Directorate's maturity model — the level designed to stop opportunistic attackers using widely available tools against whoever looks easiest. It requires all 8 mitigation strategies in their baseline form:
- patching applications and operating systems within defined timeframes
- multi-factor authentication on remote access and important services
- restricted administrative privileges and application control
- Microsoft Office macro restrictions and user application hardening
- regular, tested backups
Below it sits Maturity Level 0 — the implicit grade for everything else, which is where most unmanaged small-business environments land. ML1 is the realistic first target for a business with managed devices and an IT provider, and the level most supply-chain questionnaires have in mind. If a contract names a higher level — like DISP’s Maturity Level 2 — ML1 is the milestone on the way, not the destination.