Understand where you stand against ASD's Essential Eight. Get a clear roadmap to ML2 compliance with actionable priorities.
E8 ML2 Assessment
ML2 Status
6/8 AT ML2
Assessment Cost
From $15k
Scales with environment complexity
Reporting cycles, audits, or delivery timelines require evidence of security maturity within defined timeframes.
There are many possible security activities, but limited clarity on which actions will reduce risk or improve maturity.
Different stakeholders provide advice on what to implement, but there is limited clarity on scope, applicability, and how requirements are actually assessed.
Security, projects, and operational demands compete for attention, making it difficult to decide what should be addressed first.
Clear view of current maturity based on evidence, with alignment to how assessments are conducted and interpreted in practice.
Assessment of all Essential Eight strategies using ACSC guidance and tools, supported by practitioner-led validation of control implementation.
Sequenced actions based on risk, effort, and impact — so you know what to address first and why.
Practical guidance on effort and cost to close gaps, supporting planning and decision-making.
Clear summary translating technical findings into decisions and priorities for leadership.
Documented view of control implementation to support future reviews, reporting, and continuous improvement.
Your internal teams and providers focus on operating and supporting your environment. We provide an independent view of your Essential Eight maturity, clarify what matters, and support you to prioritise and address gaps.
You need to evidence your current posture and identify gaps aligned to formal assessment expectations.
You need a clear, defensible view of maturity and a structured plan to address gaps within defined timeframes.
You've been assessed before, but need to validate results, prioritise actions, and plan uplift effectively.
Indicative posture review — delivery format (in-person or remote) agreed based on location and engagement scope.
Clear view of effort and next steps.
Assessment plus implementation — closing gaps, building documentation, and preparing your organisation for compliance milestones. Delivery format (in-person / remote) agreed based on location and engagement scope.
We don't just assess — we help you close gaps and demonstrate progress toward ML2.
Pricing note: Assessment pricing scales with environment complexity. Small environments (under 50 users, M365-centric) start from $15,000. Larger or hybrid environments are scoped individually. All pricing is indicative and depends on environment size and complexity.
Pick a time that works for you — we'll confirm scope and send a pre-read before the call.
Federal department
Delivered an Essential Eight maturity review across a multi-system environment using ACSC verification methodology. Followed with continuous assurance aligned to PSPF reporting and ASD survey cycles, maintaining visibility of control effectiveness between formal assessments.
Federal agency
Evaluated a multi-year Essential Eight uplift program and assessed its sustainability. Delivered a transition-to-business-as-usual plan with defined ownership, cadence, and evidence requirements, enabling compliance to be maintained beyond project delivery.
Federal agency
Refined assessment outputs to identify the most critical gaps requiring action, enabling leadership to prioritise effort and focus investment on reducing risk and improving maturity.
Typically 2–4 weeks depending on environment size. Small environments can be assessed in under 2 weeks. The timeline depends on how quickly your team can provide access to key systems, documentation, and key stakeholders for workshops.
Access to your environment documentation, IT architecture diagrams, and key stakeholders for workshops. We'll provide a detailed preparation checklist during scoping so you know exactly what you need to have ready.
Yes — our Uplift tier covers assessment plus implementation. We can assess first and then scope uplift separately, or combine both from the start. We'll discuss the best approach for your situation during scoping.
MSP reporting is operationally focused — uptime, tickets, patching status. Our assessment maps controls specifically to ASD's Essential Eight maturity model with evidence-based verification against each mitigation strategy. It's a formal, compliance-grade assessment rather than operational reporting — and every consultant on the engagement is senior, AGSVA-cleared, and from a government delivery background, so you work directly with experienced practitioners throughout.
Absolutely. Essential Eight ML2 is a core DISP cyber security requirement. The assessment report directly supports your DISP submission and CSQ completion. Many of our clients use the E8 assessment as a stepping stone to full DISP readiness.
For a small, M365-centric environment we typically go from scoping to a full ML2 assessment report in 4-6 weeks. Uplift timelines depend on the size of the gap but most defence suppliers reach ML2 within 3-6 months of starting.
Assessment starts from $15,000 and scales with environment complexity. Uplift starts from $40,000. We scope and price every engagement individually after a free health check so you know the range before committing.