Implementation guidance for Australian Essential Eight controls in Microsoft environments - ISM controls with PSPF mappings
Essential 8 Guide is a free, community resource providing implementation guidance for the Australian Cyber Security Centre’s (ACSC) Essential Eight controls in Microsoft environments.
The Essential Eight is a prioritised list of cybersecurity mitigation strategies developed by the ACSC. These strategies help organisations protect their systems against a range of cyber threats and are considered baseline security measures for Australian government agencies and businesses.
This guide offers practical, step-by-step implementation guidance for each ISM (Information Security Manual) control, including:
Controls are tagged with Essential Eight maturity levels:
| Level | Description |
|---|---|
| ML1 | Maturity Level 1 – Partly aligned |
| ML2 | Maturity Level 2 – Mostly aligned |
| ML3 | Maturity Level 3 – Fully aligned |
Controls also include PSPF (Protective Security Policy Framework) classification levels where applicable:
This guide is provided for informational purposes only. All content is AI-generated from primary sources (official Microsoft and ACSC documentation) and should be carefully reviewed before implementation. Content may contain errors or become outdated—always validate against your organisation’s specific requirements and consult official documentation.
Found an error or have suggestions? Contact: alan [at] burchill [dot] id [dot] au
AI-generated content from primary sources. Built with Jekyll and hosted on GitHub Pages.