Australia's Essential Eight —
the definitive reference.
The ASD Essential Eight is Australia's cybersecurity baseline. Eight mitigation strategies, four maturity levels, and one framework that 78% of Australian organisations have yet to reach at ML2. This is your independent reference, with a live M365 changelog powered by the M365 Signal API.
Australia's 2026–2028 Cyber Security Strategy positions Essential Eight Maturity Level 2 as the recommended baseline for every sector, with ML3 for critical infrastructure. Procurement panels, cyber insurers, and supply-chain partners are already asking for evidence of ML2 maturity. (No statutory ML2 mandate applies to the general private sector — separate regimes cover Australian Government entities, critical infrastructure operators under SOCI, and defence supply chain under DISP.)
The eight controls
Eight mitigation strategies, sequenced from highest-leverage to most-essential. Each control has four maturity levels (ML0–ML3) with progressively stronger defences. Click any control for the ASD breakdown.
Microsoft 365 changes affecting Essential Eight
Every Microsoft 365 change that touches an E8 control, classified by the M365 Signal API and tagged to the relevant controls. Updated hourly.
Built by Australian Essential Eight
specialists.
essential8.net is maintained by EDUC4TE — an Australian cybersecurity training and assessment practice with IRAP PICTA accreditation and Essential Eight ML2 delivery experience. This site is a public reference, not a sales page. We publish what we know from delivering real E8 assessments to Australian organisations.
IRAP PICTA Accredited · Essential Eight ML2 · 100+ assessments delivered