Measure your ACSC Essential Eight compliance and maturity level

Huntsman Security’s Essential Eight solutions accurately measure security control effectiveness and maturity levels against the ACSC Essential Eight Maturity Model; to improve compliance, provide visibility and enable informed oversight for risk management and compliance.

The Australian Cyber Security Centre’s ACSC Essential Eight risk management framework is a prioritised list of eight mitigation strategies (security controls) organisations can implement to protect their systems against a range of adversaries. The ACSC recommends the implementation of the eight controls as a baseline, to help mitigate the majority of cyber threats.

Why should your organisation implement the security controls?

Federal Government Mandatory Requirements

On 15 March 2022, the Attorney-General’s Department’s Protective Security Policy Framework (PSPF) was updated to mandate the Essential Eight, Maturity Level Two for all non-corporate Commonwealth entities.

State and Territory Government Requirements

Australian State and Territory governments require their agencies to report on compliance with a mandated information security policy. In NSW, QLD and WA, the information security policies mandate compliance with the ACSC Essential Eight with annual reporting required.

Other Organisations

The ACSC recommends that all organisations implement the Essential Eight security controls as they are the most effective mitigation strategies to help organisations protect themselves against various cyber threats.

How to measure your organisation’s compliance to the ACSC Essential Eight

Whether your operation sits within federal or state government, or is a private enterprise, you will require monitoring, measurement and reporting to assess your current status and ongoing compliance posture against the Essential Eight risk mitigation strategies.

Huntsman Security’s Essential Eight measurement, compliance and reporting solutions, Essential 8 Auditor and Essential 8 Scorecard, collect and analyse events from your infrastructure, systems, services and applications to produce your maturity score against the ACSC Essential Eight, and give all parties a clear picture of your cyber security control effectiveness.

Essential 8 Auditor

The Essential 8 Auditor provides on-demand cyber vulnerability and maturity assessment, to measure your security compliance against the ACSC Essential Eight framework. It allows you to measure your Essential Eight maturity score in minutes, and then produces a comprehensive ‘to-do’ list of issues for resolution for your Security & Risk team.

Essential 8 Scorecard

The Essential 8 Scorecard provides continuous cyber risk measurement by monitoring and reporting on your organisation’s ongoing security control effectiveness against the ACSC Essential Eight, either directly or via your IRM platform.

Why customers use Huntsman Security technology for ACSC Essential Eight measurement and reporting

Automates data-driven reporting and visibility of gaps

  • Provides an immediate view of your security control effectiveness
  • Operates across cloud, on-premise or hybrid environments
  • Accurate and on-demand or continuous view of compliance
  • Reliable, data-driven metrics for risk management and compliance

High-fidelity measurement of your cyber maturity

  • Removes unknown of compliance self-assessment and reporting
  • Instantly identifies non-compliance for remediation
  • Saves time, cost and money compared to a manual assessment

Positions cyber security as a strategic priority

  • Essential Eight mitigation strategies recommended for adoption by all organisations
  • Essential Eight measurement critical to enhancing cyber posture and security awareness
  • Essential Eight is key to defence and resilience that support on-going government service and operations

Want to find out more?

Download our Essential Eight Compliance Guide to discover how to measure the effectiveness of your organisation’s security controls using Huntsman Security’s Essential Eight solutions.


Read by directors, executives, and security professionals globally, operating in the most complex of security environments.