CyberPostureGet started
ACSC Essential Eight · Australian Cybersecurity Standard

Essential Eight Maturity Assessment

Self-assess against the ACSC Essential Eight. Get your score, your gap report, and your remediation roadmap in minutes.

Start free assessmentContact support

Pricing

Simple, transparent pricing

Self-assessment

Free

Full 71-question Essential Eight assessment with instant maturity score across ML1 and ML2.

  • 71-question assessment
  • ML1 & ML2 scoring
  • Top gaps identified
  • No account required
Start free assessment
Most Popular

Board-ready gap report

$99one-time

Downloadable gap report with prioritised remediation roadmap, ready to present to your board or auditor.

  • Full gap analysis
  • Prioritised remediation roadmap
  • PDF + Word download
  • Board-ready language
Get started

Policy template bundle

$149one-time

14 pre-written policy templates aligned to the Essential Eight, ready to customise and implement.

  • 14 policy templates
  • Word format, fully editable
  • Aligned to ACSC guidance
  • Bundle with gap report available
Get started

Case study

ML2 achieved in 6 weeks

Australian professional services firm, 80 staff — used EssentialScore to self-assess against the Essential Eight ahead of a client security audit. They generated their gap report, followed the built-in remediation roadmap, and achieved ML2 within 6 weeks.

Ready to assess your Essential Eight maturity?

Free assessment. No account required.

Start free assessmentContact support

Frequently asked questions

What is the Essential Eight?

The Essential Eight is a set of eight cybersecurity mitigation strategies developed by the Australian Signals Directorate (ASD) and recommended by the ACSC. It is widely used by Australian businesses, insurers, and auditors to measure cyber maturity.

Is the Essential Eight assessment free?

Yes. The 71-question assessment is completely free. No account required. You get your Maturity Level score and top gaps instantly. The paid options are the downloadable gap report ($99) and the policy template bundle ($149).

What Maturity Level should I be aiming for?

Most Australian SMBs should target Maturity Level 1 as a minimum, which addresses the most critical attack vectors. ML2 is required for organisations working with sensitive client data. ML3 is the top tier and typically required for critical infrastructure.

How long does it take to complete the assessment?

Most users complete the 71-question assessment in 15–20 minutes. Questions are plain English — no deep technical knowledge required. Your IT manager, operations lead, or business owner can answer them.

What do I get with the paid gap report?

The $99 gap report is a downloadable PDF and Word document showing your score across all 8 controls, the specific gaps driving your Maturity Level, and a prioritised remediation roadmap. It is designed to be shared with your board, auditor, or cyber insurer.

Not sure which assessment you need? Debra can help.

Contact support