What Is the Essential Eight and Why Does It Matter for Your NFP?

The Australian Government's Essential Eight is the most practical cyber security framework available to Australian organisations. Developed by the Australian Signals Directorate, it outlines eight core controls that significantly reduce the risk of a cyber attack.

For not-for-profits, the Essential Eight matters for three reasons. First, your funders and regulators are increasingly asking about it. Second, it gives you a defensible framework to point to if something goes wrong. Third, it is achievable — unlike enterprise frameworks that assume a full IT team and unlimited budget.

The eight controls are: application control, patch applications, configure Microsoft Office macro settings, user application hardening, restrict administrative privileges, patch operating systems, multi-factor authentication, and regular backups.

At Red Flagg™, we deliver the Essential Eight in stages. Level 0 covers nine human-layer controls that stop most incidents before they start. Level 1 delivers the full 48 controls progressively over 12 to 24 months, so nothing is rushed and every change sticks.

If you are a registered not-for-profit and want to understand where you currently sit, book a free Cyber Maturity Assessment. It takes about 45 minutes and gives you a clear picture of your current posture and the steps to improve it.
