Essential Eight Maturity Assessment for Australian SMBs
Self-assess against the ACSC Essential Eight framework. Get your Maturity Level score, gap report, and remediation roadmap in minutes. Free assessment — no account required.
What is the ACSC Essential Eight?
The Essential Eight is Australia's baseline cybersecurity framework, developed by the Australian Signals Directorate (ASD) and recommended by the Australian Cyber Security Centre (ACSC). It covers eight mitigation strategies across application control, patch management, multi-factor authentication, and more.
Compliance is mandatory for Commonwealth agencies and increasingly required by government contractors, enterprise clients, and cyber insurers. The EssentialScore assessment measures your organisation against Maturity Level 1, 2, and 3 — the three tiers defined by the ACSC.
Pricing
Essential Eight Assessment Pricing
Self-assessment
Full 71-question Essential Eight assessment with instant maturity score across ML1 and ML2.
- 71-question assessment
- ML1 & ML2 scoring
- Top gaps identified
- No account required
Board-ready gap report
Downloadable gap report with prioritised remediation roadmap, ready to present to your board or auditor.
- Full gap analysis
- Prioritised remediation roadmap
- PDF + Word download
- Board-ready language
Policy template bundle
14 pre-written policy templates aligned to the Essential Eight, ready to customise and implement.
- 14 policy templates
- Word format, fully editable
- Aligned to ACSC guidance
- Bundle with gap report available
Case study
Essential Eight ML2 achieved in 6 weeks
An Australian professional services firm with 80 staff used EssentialScore to self-assess against the Essential Eight ahead of a client security audit. They generated their gap report, followed the built-in remediation roadmap, and achieved Maturity Level 2 within 6 weeks.
Ready to assess your Essential Eight compliance?
71 questions. Free. No account required.
Essential Eight Assessment FAQs
What is the Essential Eight?
The Essential Eight is a set of eight cybersecurity mitigation strategies developed by the ASD and recommended by the ACSC. It is the baseline standard for Australian organisations and is widely used by businesses, insurers, and auditors to measure cyber maturity.
Is the Essential Eight assessment free?
Yes. The 71-question assessment is completely free. No account required. You get your Maturity Level score and top gaps instantly. The paid options are the downloadable gap report ($99) and the policy template bundle ($149).
What Maturity Level should I be aiming for?
Most Australian SMBs should target Maturity Level 1 as a minimum, which addresses the most critical attack vectors. ML2 is required for organisations working with sensitive client data. ML3 is the top tier and typically required for critical infrastructure.
How long does it take to complete the assessment?
Most users complete the 71-question assessment in 15–20 minutes. Questions are plain English — no deep technical knowledge required. Your IT manager, operations lead, or business owner can answer them.
Do Australian SMBs have to comply with the Essential Eight?
The Essential Eight is mandatory for Commonwealth agencies and increasingly required by government contractors. The ACSC strongly recommends it for all Australian SMBs as the baseline for cyber resilience and it is referenced by most Australian cyber insurers.
What do I get with the paid gap report?
The $99 gap report is a downloadable PDF and Word document showing your score across all 8 controls, the specific gaps driving your Maturity Level, and a prioritised remediation roadmap — designed to share with your board, auditor, or cyber insurer.