ACSC Essential Eight
Australian Cyber Security Centre Essential Eight Maturity Model: eight prioritised mitigation strategies with three maturity levels.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (8)
Application Control
| Code | Title |
|---|---|
| E8-APP-ML1 | Application Control (ML1) |
| E8-APP-ML2 | Application Control (ML2) |
| E8-APP-ML3 | Application Control (ML3) |
Configure Microsoft Office Macro Settings
| Code | Title |
|---|---|
| E8-MACRO-ML1 | Configure Microsoft Office Macro Settings (ML1) |
| E8-MACRO-ML2 | Configure Microsoft Office Macro Settings (ML2) |
| E8-MACRO-ML3 | Configure Microsoft Office Macro Settings (ML3) |
Multi-factor Authentication
| Code | Title |
|---|---|
| E8-MFA-ML1 | Multi-factor Authentication (ML1) |
| E8-MFA-ML2 | Multi-factor Authentication (ML2) |
| E8-MFA-ML3 | Multi-factor Authentication (ML3) |
Patch Applications
| Code | Title |
|---|---|
| E8-PATCHAPP-ML1 | Patch Applications (ML1) |
| E8-PATCHAPP-ML2 | Patch Applications (ML2) |
| E8-PATCHAPP-ML3 | Patch Applications (ML3) |
Patch Operating Systems
| Code | Title |
|---|---|
| E8-PATCHOS-ML1 | Patch Operating Systems (ML1) |
| E8-PATCHOS-ML2 | Patch Operating Systems (ML2) |
| E8-PATCHOS-ML3 | Patch Operating Systems (ML3) |
Regular Backups
| Code | Title |
|---|---|
| E8-BACKUP-ML1 | Regular Backups (ML1) |
| E8-BACKUP-ML2 | Regular Backups (ML2) |
| E8-BACKUP-ML3 | Regular Backups (ML3) |
Restrict Administrative Privileges
| Code | Title |
|---|---|
| E8-ADMIN-ML1 | Restrict Administrative Privileges (ML1) |
| E8-ADMIN-ML2 | Restrict Administrative Privileges (ML2) |
| E8-ADMIN-ML3 | Restrict Administrative Privileges (ML3) |
User Application Hardening
| Code | Title |
|---|---|
| E8-UAH-ML1 | User Application Hardening (ML1) |
| E8-UAH-ML2 | User Application Hardening (ML2) |
| E8-UAH-ML3 | User Application Hardening (ML3) |
Frequently Asked Questions
What is ACSC Essential Eight?
ACSC Essential Eight is a compliance framework from Australia with 8 domains and 24 controls. Australian Cyber Security Centre Essential Eight Maturity Model: eight prioritised mitigation strategies with three maturity levels. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does ACSC Essential Eight have?
ACSC Essential Eight has 24 controls organised across 8 domains. The largest domains are Application Control (3 controls), Configure Microsoft Office Macro Settings (3 controls), Multi-factor Authentication (3 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does ACSC Essential Eight map to?
ACSC Essential Eight does not currently have cross-framework mappings in our system. Check back as we continuously expand our mapping database.
How do I get started with ACSC Essential Eight compliance?
Start your ACSC Essential Eight compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about ACSC Essential Eight requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 24 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 769 frameworks.
Get Started Free →Free forever — no credit card required