Professional Services

Essential Eight Assessment Overview

Assessments against the Essential Eight are conducted using the Essential Eight Maturity Model, which defines four maturity levels:

  • Maturity Level Zero: Indicates that the requirements of Maturity Level One are not met.
  • Maturity Levels One to Three: Represent increasing levels of mitigation against targeting and tradecraft sophistication.

While the specific approach to conducting an assessment may vary depending on the size and complexity of the system, all assessments are grounded in the foundational principles of the eight mitigation strategies outlined in the Essential Eight.

Deeper insight

In addition to using the ASD-approved assessment method, our process incorporates a custom maturity rating. This enhancement goes beyond a simple pass/fail outcome by providing deeper insight into identified gaps, helping organizations better understand their security posture and areas for improvement.

Assessment

The Essential Eight has multiple controls for each of the eight mitigation strategies. The assessor will test each of these controls with a simulated activity designed to confirm it is in place and effective (e.g. attempting to run an application to check application control rulesets). Where this is not possible, the assessor will review the configuration of a system through the system’s interface to determine whether it should enforce an expected policy, or review and assess the evidence provided by the customer.

The assessor will consider the following:

  • Your adoption of a risk-based approach to the implementation of mitigation strategies.
  • The ability to test the mitigation strategies across an accurate representative sample of workstations (including laptops), servers and network devices.
  • The level of assurance gained from assessment activities and any evidence provided (noting the quality of the evidence).
  • Any exceptions, including associated compensating controls and whether they have been accepted by an appropriate authority as part of a formal exception process.

Stages

The four stages are:

  • Planning and preparation
  • Scope and approach
  • Assess controls
  • Reporting

Deliverables

A report based on the ASD template will be provided, including findings and recommendations for improvement.

An E8 summary presentation pack will also be produced for stakeholders:

  • Executive Overview
  • Control Maturity Rating vs. ASD-E8 Compliance
  • Security Controls (E8 in the wider context of ISO27K1)
  • ASD – Essential Eight – Maturity Level 1 (Granular status)
  • Gaps identified and suggested mitigations
  • ASD E8 ML1 drilldown slides

Contact us

Get in touch today to schedule your Essential Eight assessment and gain clear, actionable insights into your cybersecurity maturity. Our team is ready to help you identify gaps, strengthen controls, and align with ASD’s standards.

Fill in the form below or call us on +64 9 570 2233