cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

ACSC updates Essential Eight Maturity Model for 2023

The Australian Cyber Security Centre (ACSC) has announced an update to the Essential Eight Maturity Model.

user icon Daniel Croft
Mon, 27 Nov 2023
ACSC updates Essential Eight Maturity Model for 2023
expand image

Being the cyber wing of the Australian Signals Directorate, the ACSC has updated the Essential Eight to meet the changing nature of the industry and to assist organisations in best defending themselves from threat actors.

It has worked with both industry and government at a domestic and international level to generate the best understanding of what agencies need to defend themselves.

“As the Australian Signals Directorate (ASD) is committed to providing cyber security advice that is contemporary, fit for purpose and practical, the Essential Eight Maturity Model (E8MM) is updated annually,” wrote the ASD.


“In doing so, it is designed to assist organisations in protecting their internet-connected information technology networks against common cyber threats.”

The ASD has introduced a number of changes as part of its November 2023 update. The most significant, affecting maturity levels one, two and three, are changes to the requirements “for 48-hour response time frames for addressing vulnerabilities in online services from being applicable only when exploits for vulnerabilities exist to when either vulnerabilities are assessed as critical by vendors or working exploits exist.”

Additionally, the Essential Eight now requires organisations to scan their systems for critical vulnerabilities and high-risk software at least weekly rather than at least fortnightly.

The ASD also introduced changes to multifactor authentication (MFA), saying that customers of “online customer services that process, store or communicate sensitive customer data” should no longer be able to easily opt out of MFA.

On top of that, the ASD introduced changes to cloud service management and incident detection and response.

“As malicious actors become more sophisticated, it’s vital for us to adapt to the changing threat environment,” said the ACSC on LinkedIn.

“We have worked closely with government and industry – both domestic and international – to ensure this guidance is contemporary, fit for purpose and practical.

“Make sure you review the updates for your maturity level and implement the recommended security controls to keep your organisation and customers as protected as possible.”

The full updated Essential Eight Maturity Model can be found on the ACSC website.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.