The Essential Eight

The Essential Eight


The Essential Eight are a set of recommended controls designed to protect Microsoft Windows-based internet-connected networks.

In 2017, The Australian Cyber Security Centre (ACSC) published a set of mitigation strategies that were designed to help organisations to protect themselves against cyber security incidents. These strategies, which became known as the Essential Eight, are designed specifically for use on Windows networks, although variations of these strategies are commonly applied to other platforms.

While the Essential Eight may be applied to cloud services and enterprise mobility, or other operating systems, it was not primarily designed for such purposes and alternative mitigation strategies may be more appropriate to mitigate unique cyberthreats to these environments. In such cases, organisations should consider alternative guidance provided by the ACSC.

Break down of requirements

8 strategies, 91 controls

Best suited for

Businesses who wish to ensure their primarily Windows based environment is secured against the most common threats and/or companies who wish to provide services to Australian Government departments.

Can a business be certified or assessed against this standard?

Essential Eight cannot be certified however a business can employ a authorised IRAP assessor to undertake an assessment of the Essential Eight implementation which can provide them with some assurance and could be a good first step to being IRAP assessed against eh Australian Government ISM.

Who can assess or audit a business against this standard?

Not applicable

Governed by

The Australian Cyber Security Centre (ACSC)

Region focus


How Assuredly can help you align to this standard or framework?

Discover the empowering world of Assuredly - your ultimate partner in ensuring your business's security! Our platform offers a seamless, guided process that will effortlessly walk you through assessing your business against the crucial Essential Eight requirements. Say goodbye to confusion, as our expert guidance provides you with invaluable insights into control requirements, testing procedures, and even auditor expectations for evidence. With lightning-fast outcomes displayed on our intuitive dashboard, you'll feel in control like never before. Take it a step further and create comprehensive, detailed reports that align findings back to risks and controls. Join InfoSecAssure today and embark on a journey towards a secure and fortified future for your business!

Book a free demonstration or talk to one of our team today to uncover how we can help ensure you align to standards while also understanding your risks and knowing what action to take to keep your business secure.