ASD Essential Eight Maturity Assessment

Where does your business sit on the Essential Eight?

A private, plain-English self-assessment. Answer a quick set of questions in under 5 minutes, or go deep with a full ML1–ML3 review. Either way, you will leave knowing your likely maturity level and the gaps to close next.

No login required / No answers are sent unless you choose to send a summary / Built for a practical follow-up call

The Essential Eight

Eight controls. Three maturity levels.

The ASD's Essential Eight is the most widely-recognised baseline for cyber security in Australia. Each control has three maturity levels — ML1 is the floor, ML3 is for organisations defending against persistent, well-resourced attackers.

Application Control

Only approved software runs on your systems.

Patch Applications

Keep apps and browsers up to date.

Configure Office Macros

Block risky Microsoft Office macros.

User Application Hardening

Lock down browsers, PDF readers, Office.

Restrict Admin Privileges

Limit who has admin rights, and how.

Patch Operating Systems

Keep Windows, macOS, network OS patched.

Multi-Factor Authentication

Require a second factor to log in.

Regular Backups

Back up important data — and test restores.

How it works

From answers to action plan.

  1. 01

    Pick a depth

    Quick survey for a fast read, or the comprehensive assessment for the full ML1–ML3 picture.

  2. 02

    Answer honestly

    5-point slider per question — Not started → Fully implemented. Plain English. Your progress saves automatically.

  3. 03

    See your maturity

    A headline ML0–ML3 number, a per-control breakdown, and a prioritised gap list to reach the next level.

  4. 04

    Book a call

    Bring the report to a 30-minute call with us. We'll talk through what to tackle first.