Free ASD Essential Eight maturity check – tailored for Australian and New Zealand businesses

The Essential Eight is a set of eight practical security strategies recommended by the Australian Signals Directorate (ASD) to protect organisations from cyber threats. This free assessment measures your maturity across all eight controls: patching applications, patching operating systems, multi‑factor authentication (MFA), restricting administrative privileges, application control, hardening user applications, backups, and macro settings.

New Zealand context: Widely adopted by NZ government agencies and businesses that work with them. Aligned with the New Zealand Information Security Manual (NZISM), Privacy Act 2020, and NCSC NZ guidance. Use this assessment to prepare for government procurement or to demonstrate reasonable security safeguards.

Australian context: Required for government suppliers and critical infrastructure operators. Aligned with the Privacy Act 1988 (Cth), Notifiable Data Breaches (NDB) scheme, and SOCI Act. Many insurers now ask for Essential Eight maturity as a condition of coverage.

This free self‑assessment takes about 7 minutes. You’ll receive a maturity level (ML0–ML3) for each control, plus an overall score based on your lowest‑scoring control – because attackers exploit your weakest link, not your average. Your report includes a ranked action plan with effort estimates (Quick Win / Medium / Project).

Looking for a broader framework? Try our NIST CSF Lite assessment for a programme‑wide view, or the SMB Cyber Readiness assessment for a shorter entry‑level check.