Baseline Cyber Resilience Framework by ACSC

Essential Eight

RACERT conducts independent assessments against the Essential Eight maturity model, helping organisations evaluate and strengthen their cybersecurity posture while aligning with Australian Government standards and global best practices.

Understanding Essential Eight

The Essential Eight (E8) comprises a set of mitigation strategies developed and maintained by the Australian Cyber Security Centre (ACSC). It provides organisations of all sizes with a structured approach to mitigate the most common cyber threats, addressing the root causes of intrusion events and operational disruptions.

Core Components of the E8

Application Control

Restrict unauthorised applications to reduce the risk of malware and system compromise.

Patch Applications

Configure Microsoft Office Macros

User Application Hardening

Restrict Administrative Privileges

Patch Operating Systems

Multi-Factor Authentication (MFA)

Regular Backups

State Government Cyber Security Requirements

Across Australian jurisdictions, state-level policies reference or mandate the Essential Eight as a foundation for cyber resilience.

New South Wales (NSW)

Deadline: Annual cyber security attestation to Cyber Security NSW due 31 October each year.

The NSW Cyber Security Policy (CSP) sets mandatory requirements for all NSW Government agencies, mandating the Essential Eight at Maturity Level 1.

Queensland

Deadline: Annual reporting required with continuous monitoring obligations.

The Information Security Policy (IS18:2018) requires agencies to establish an Information Security Management System (ISMS) aligned with ISO/IEC 27001 and tailored Essential Eight maturity targets.

Victoria

Requirement: Annual attestation supported by Protective Data Security Plans (PDSPs).

Under the Victorian Protective Data Security Framework (VPDSF), agencies must implement risk-based governance aligned with the Victorian Protective Data Security Standards (VPDSS).

Australian Capital Territory (ACT)

Requirement: Annual assurance reporting required.

The ACT Cyber Security Framework integrates the PSPF, Essential Eight, and SOCI Act obligations. Agencies must report on maturity and control effectiveness annually.

South Australia

Requirement: Annual attestation required in May/June each year.

The South Australian Cyber Security Framework (SACSF) requires agencies to assess and report their alignment with the Essential Eight Maturity Model.

Western Australia (WA)

Requirement: Annual reporting under the WA Cyber Security Policy (2024).

The policy mandates the Essential Eight at Maturity Level 1, in conjunction with NIST CSF, ASD ISM, and the additional “Further Five” mitigation strategies.

Certification, Simplified

Our assessment verify that your management systems comply with the international standards while aligning with your business objectives.

Need to Know

More?

From understanding the scope and requirements to uncovering the benefits that certification brings to your organisation, we’ve got you covered.

We’ve gathered answers to the most frequently asked questions, providing you with clear insights and guidance every step of the way. Whether you’re new to certification or looking for more specific information, our comprehensive FAQ will ensure you have the knowledge you need to make informed decisions and move forward with confidence.

What is the Essential Eight framework?

It’s a set of eight mitigation strategies developed by the ACSC to help organisations defend against common cyber threats.

Does RACERT provide Essential Eight certification?

How are Essential Eight maturity levels measured?

How often should an organisation undergo an Essential Eight assessment?

How does Essential Eight relate to ISO/IEC 27001?

Simplifying Certification

Learn how RACERT supports your journey with a structured and clear certification process.

Global Standards

Explore internationally recognised ISO and IEC standards that fits your industry and business goals.

Industry Insights

Explore the latest trends, expert analysis, and key developments shaping the industry. Our Industry Insights offer valuable information to help you stay informed and make smarter decisions in a rapidly evolving market.