What is Essential Eight Maturity Level 2?
Essential Eight Maturity Level 2 is the middle tier of the Australian Signals Directorate's 3-level maturity model for its Essential Eight mitigation strategies. The levels describe who you can keep out:
- Maturity Level 1 — counters opportunistic attacks using widely available tools
- Maturity Level 2 — counters adversaries willing to invest real time and effort in a specific target
- Maturity Level 3 — addresses sophisticated, targeted intrusions
At Level 2, all 8 strategies — patching, multi-factor authentication, restricted admin privileges, application control, Office macro restrictions, application hardening and backups — must be implemented with tighter timeframes and far fewer exceptions than Level 1, which in practice assumes centrally managed devices and someone whose job is IT. It matters to small businesses because it is the minimum cyber standard for every Defence Industry Security Program member. The full model is free at cyber.gov.au. ML2 is a managed-IT-environment standard — budget for help if you do not have one.