The framework

The eight strategies, in the ACSC's own three objectives.

The Essential Eight is the ACSC's baseline for mitigating cyber security incidents. It groups eight mitigation strategies under three objectives — prevent, limit, and recover — and scores each one from Level 0 (not aligned) to Level 3 (fully aligned).

Prevent

Stopping malware delivery and execution before it starts.

  • Application control
  • Patch applications
  • Configure Microsoft Office macro settings
  • User application hardening

Limit

Reducing the extent of an incident once something gets through.

  • Restrict administrative privileges
  • Patch operating systems
  • Multi-factor authentication

Recover

Making sure data and systems come back if the worst happens.

  • Regular backups

Most businesses have never had all eight measured against the same standard, at the same time, by someone with no reason to inflate the result.

Get your baseline scored →