During the Reconcile process, you can select an industry standard baseline as your term of comparison.
You can choose to compare your tenant to:
- One of the Essential Eight baseline levels
- Industry standard baselines: CIS baseline
This article explores the Essential Eight baseline.
Essential Eight baseline
The Essential Eight baseline is a set of cybersecurity strategies created to help organizations protect their systems and data from cyber threats. Developed by the Australian Cyber Security Centre (ACSC), the Essential Eight framework outlines eight prioritized mitigation strategies designed to prevent malware delivery and execution, limit the extent of cybersecurity incidents, and improve overall security resilience.
The Essential Eight baseline is structured across three maturity levels:
- Maturity Level 1 (ML 1)
- Maturity Level 2 (ML 2)
- Maturity Level 3 (ML 3)
These levels enable organizations to progressively strengthen their security posture.
This framework is widely adopted across public and private sectors in Australia and is considered a practical foundation for organizational cybersecurity, aligning with best-practice recommendations.
To further support compliance and assurance, the baseline configurations also include mappings to the Australian Government Information Security Manual (ISM). The ISM provides comprehensive cybersecurity guidelines and controls for protecting Australian government systems and information.
By mapping Essential Eight strategies to relevant ISM controls, organizations can better understand how implementing the Essential Eight framework contributes to meeting ISM requirements and strengthening their overall security framework.
For more information on the Essential Eight framework, visit this site.
To learn more about each configurations for each Maturity Level see the files below. You can download each file for better readability.
To do so, follow these instructions:
To download the files
- Click the “Save” button at the top right of the presentation.
- This button generally appears as a “floppy disk” icon on Windows PCs or a downward arrow icon on Macs.
Maturity Level 1
This maturity level focuses on malicious actors who exploit widely available tradecraft to gain access to systems opportunistically. They use methods like unpatched vulnerability exploits or stolen credentials, targeting any potential victim rather than specific individuals. Common social engineering techniques are employed to manipulate users, and if they access privileged accounts, they may exploit those privileges or destroy data, including backups.
View configurations in detail below:
Maturity Level 2
This maturity level highlights malicious actors who show a modest increase in capability compared to the previous level. They are willing to invest more time and effort into targeting, employing well-known tradecraft to bypass security controls and evade detection. This includes actively phishing for credentials and using technical and social engineering techniques to overcome weak multi-factor authentication. While they tend to be more selective in their targeting, they remain cautious about the resources they commit. They focus on effective phishing and may exploit compromised privileged accounts or seek accounts with special privileges. Depending on their goals, they may also destroy all accessible data, including backups.
View configurations in detail below:
Maturity Level 3
This maturity level highlights malicious actors who are adaptive and less dependent on public tools. They exploit weaknesses in a target's cybersecurity posture, such as outdated software or poor logging, to gain and maintain access while evading detection.
These actors focus on specific targets and invest effort in navigating unique security policies, often using social engineering to manipulate users into bypassing controls or stealing authentication tokens. Once they establish a foothold, they aim to acquire privileged credentials, pivot within the network, and cover their tracks, potentially destroying all accessible data, including backups.
View configurations in detail below:
Selecting one of the Essential Eight baseline levels in Reconcile
To select one of the Essential Eight baseline levels as a term of comparison, in the Reconcile page,
- Firstly, select the tenant you wish to compare to the industry standard baseline from the “Tenant” dropdown menu
- Select the desired tenant's version
- Make sure che “Compare with” checkbox is checked
- From the “Option” menu, select “Industry baseline”
- In the “Baseline name” box, select one of the Essential Eight baseline levels
- Once the level is selected, choose which workloads to include, and select “Apply”
- Proceed with the standard Reconcile flow
Essential Eight baseline tags
On “Reconcile”, by expanding “Configuration Types”, you will find industry benchmark tags associated to specific configurations.
These tags are identifiers that help you easily spot which configurations belong to the Essential Eight baseline. They provide a clear view of which specific Essential Eight configurations are covered, allowing you to understand your compliance status.
By clicking on the Essential Eight level tag, a pop-up will appear, informing you of the Essential Eight level control that the configuration aligns with:
