What is the ASD Essential Eight?
The Essential Eight is the Australian Signals Directorate's list of the 8 mitigation strategies that block most common attacks on Windows-based corporate networks:
- patch applications
- patch operating systems
- multi-factor authentication
- restrict administrative privileges
- application control
- restrict Microsoft Office macros
- user application hardening
- regular backups
Each strategy has defined maturity levels, and federal government entities are required to assess against the model. For an Australian small business, the Essential Eight is a reference frame, not a compliance checklist — the maturity model assumes managed Windows networks and IT staff to run them. The transferable items are the plain ones: turn on multi-factor authentication, keep software updated, and keep working backups. If a contract or tender asks for 'Essential Eight maturity', that is the moment to bring in an assessor — it is not something a 6-person business adopts by default. The full model is published free on the ACSC's Essential Eight page.