📞 1800 526 269

essential eight assessment services

We focus on real attack paths and business impact.

Know Your Cyber Security Baseline. Get a Clear Plan to Get Compliant.

Independent Essential Eight assessments delivered by certified Australian cyber security specialists. Accurate maturity scoring, a practical implementation roadmap, and evidence your board, insurer, and auditors can rely on.

Essential 8

Assessment
for $99

Regular price $1,499.
You save $1,400.

New Customer Promotion

We’re running a heavily discounted Essential 8 assessment for new customers so you can experience the value of working with a dedicated cyber security firm, without a large upfront commitment.

  • $99 EX GST:NEW CUSTOMERS ONLY.
    LIMITED AVAILABIALITY

WHAT YOU GET

  • Essential 8 Compliance Assessment
    We’ll assess your environment against the Australian Cyber Security Centre’s Essential 8 to ensure your business meets the baseline cyber security standards.
  • Detailed Reporting
    You’ll receive the same comprehensive, in-depth report that comes with our full $1,499 assessment, highlighting your security posture and areas for improvement.
  • Actionable Recommendations
    Clear, practical steps to help you improve your security and minimize risks, ensuring your systems are better protected.
  • Stronger Security Posture
    Identify potential gaps and reduce your vulnerability to cyber threats, helping you create a more resilient business infrastructure.
  • Same Certified Team
    Work with the same experienced professionals that handle our full assessments.
  • Same Methodology
    We use the same proven methods and approaches for this discounted offer as we do for our higher-value services.
  • Same Report as Our $1,499 Service
    You’ll receive the same comprehensive report as our $1,499 assessment, giving you complete insight into your cyber security status.
  • Claim My $99 Assessment

Offer applies to Australian businesses who have not previously engaged Sentry Cyber. One assessment per organisation. Subject to standard scoping and eligibility.

The Framework That Stops 85% of Cyber Attacks

The Essential Eight is Australia’s own cyber security framework, developed by the Australian Signals Directorate (ASD). When properly implemented, it is estimated to defeat approximately 85% of the cyber attacks targeting Australian organisations.

It is also the framework that:

  • Your cyber insurer will ask about at renewal
  • Your enterprise customers will require you to prove
  • The Department of Defence now mandates for DISP members
  • The ACSC recommends as the national baseline for all Australian businesses
Most organisations assume they have the right controls in place. An independent
assessment turns assumption into evidence, either confirming you’re on track or
showing exactly where the gaps are, before someone less friendly finds them for you.

One Critical Thing Most People Don't Realise

Sentry Cyber regularly helps DISP members, applicants, and Defence supply-chain businesses measure where they genuinely sit, build a roadmap to full Level 2, and maintain ongoing compliance as requirements evolve.
Reference:
Defence Industry Security Program — Cyber Assurance

To genuinely claim a maturity level, every one of the eight mitigation strategies must meet that level. Being excellent at seven and weak at one means your overall maturity is dragged down to the weakest control.

This is why self-assessments so often give a false sense of security and why an independent review matters. We measure every strategy individually, so there are no surprises when an insurer or auditor does it for you.

Mandatory for DISP Members
Full Maturity Level 2

If you work with the Australian Government or Department of Defence, Essential Eight compliance is no longer a nice-to-have.

All Defence Industry Security Program (DISP) members are now required to achieve and maintain compliance with the full Essential Eight Maturity Level 2 standard. That is a meaningful step up from earlier DISP cyber requirements, and it demands demonstrable, evidence-based controls across every one of the eight strategies.

Our three-phase Assessment approach

We deliver Essential 8 assessments in three clear phases.
Most engagements are completed in one to two weeks.

Phase 1
Discovery & Scoping

Your assessment begins with a working session with one of our certified cyber specialists. We take the time to understand your business objectives, IT environment, existing security measures, and which maturity level is the right target for your industry, contracts, and risk profile.

  • This phase sets clear boundaries, agreed goals, and the scope of what we'll assess.

Phase 2
Technical Assessment & Analysis

We conduct a detailed review of your environment against all eight mitigation strategies in the ACSC Essential Eight Maturity Model. This includes examining configurations, policies, documentation, and live system evidence, not just asking your team if controls are in place.

  • Every control is scored individually against Maturity Levels 1, 2, and 3.

Phase 3
Reporting & Roadmap

You receive a comprehensive report with prioritised findings, supporting evidence, and clear remediation recommendations aligned to the ACSC Essential Eight Maturity Model. We provide a practical, risk-based roadmap to help strengthen your cyber security posture, improve resilience, and guide your organisation toward higher maturity levels.

    • Executive summary
    • Detailed scoring & gaps
    • Remediation roadmap
    • Quick wins & priorities
    • Implementation options
    • Walk-through session

What's Included in Every Assessment?

  • Full gap analysis against all eight mitigation strategies
  • Full gap analysis against all eight mitigation strategies
  • Maturity level scoring for Levels 1, 2, and 3
  • Plain-English explanation of what each level means for your business
  • Prioritised roadmap that can be actioned by your IT team, your MSP, or Sentry Cyber
  • Optional fixed-price quote if you'd like Sentry Cyber to handle remediation
  • Independent external audit option to validate existing Essential Eight compliance claims
  • Evidence documentation suitable for insurers, DISP auditors, and enterprise procurement teams
  • Personal walk-through session with your consultant, no handing over a PDF and disappearing

The Eight Mitigation Strategies We Assess

Every assessment covers all eight ASD controls in full.

  • Application Control
    Ensuring only approved applications can execute
  • Patch Applications
    Verifying timely patching of internet-facing and high-risk software
  • Configure Microsoft Office Macro Settings
    Reviewing macro controls across productivity tools
  • User Application Hardening
    Ensuring only approved applications can execute
  • Restrict Administrative Privileges
    Evaluating privileged access management
  • Patch Operating Systems
    Assessing browsers, PDF readers, and Office hardening
  • Multi-Factor Authentication
    Testing MFA coverage across users, admins, and third parties
  • Regular Backups
    Validating backup integrity, segregation, and actual recovery capability
  • The Four Maturity Levels Explained

    You start at Maturity Level 0 by default. The only way to progress is through an assessment.

  • Maturity Level 0
    Significant gaps in your cyber posture. Systems and data are highly vulnerable. This is where most un-assessed businesses sit, even when they don't realise it.
  • Maturity Level 1
    Basic controls implemented. Mitigates opportunistic attackers using widely available tools. A sensible baseline for most small to medium Australian businesses.
  • Maturity Level 2
    A more capable set of controls, mitigating adversaries with moderate skill. This is the mandatory standard for all DISP members and is increasingly expected by cyber insurers and enterprise customers.
  • Maturity Level 3
    The highest level. Mitigates adaptive, skilled adversaries using less common techniques. Appropriate for organisations handling highly sensitive data or critical infrastructure.

Your assessment identifies your current level, your target level, and the practical steps to move between them.

Sentry Cyber :
A Dedicated Australian Cyber
Security Firm

Sentry Cyber is not a generalist IT provider dabbling in cyber. We are a specialist cyber security company, based in Melbourne and serving organisations across Australia.

Our Essential Eight assessments are delivered by practitioners who actually understand how attackers exploit weak controls because the same people also perform our penetration testing and ethical hacking work. When we say a gap creates real risk, it’s because we’ve exploited that same gap in controlled conditions somewhere else.

Our Team’s Professional Certifications (show certification logos)

    • Certified in Cybersecurity (CC) — ISC2
    • Certified Cyber Security Technician (CCT) — EC-Council
    • Certified Application Security Practitioner (CASP)
    • Certified Ethical Hacker — Practical (CEH Practical) — EC-Council
    • Certified Professional Penetration Tester (CPPT)
    • Certified Malware Analysis Professional (CMAP)

These are not decorative logos. Every certification listed is a hands-on technical qualification earned through examination and practical assessment. When a Sentry Cyber consultant tells you where your Essential 8 gaps are, that assessment is coming from a certified practitioner, not a sales rep working off a checklist.

Who This Assessment Is Built For

The Essential 8 Assessment is designed for:

  • Any Australian organization that wants an honest independent benchmark of their cyber posture
  • DISP members and applicants needing Maturity Level 2 evidence
  • Organizations renewing cyber insurance in 2026 and needing documented controls
  • Australian Government contractors and suppliers
  • Businesses required to prove compliance to enterprise customers or commercial partners

Why Now?

Three things have changed in the last 12 months that make an Essential 8 assessment more valuable than ever:

  • Cyber insurers are demanding evidence.
    We have MFA" is no longer enough at renewal. Insurers now want documented maturity scoring.
  • DISP Maturity Level 2 is mandatory.
    Defense suppliers can no longer self-attest their way to compliance.
  • Ransomware attacks & data breaches on Australian SMEs are rising.
    Essential Eight controls, properly implemented, block the majority of common attack paths.
Waiting until an insurer, auditor, or attacker forces the issue is the most expensive path.
An independent assessment at $99 for new customers is the cheapest and fastest way to
know where you really stand.

Claim Your $99 Essential Eight Assessment!

Get in Touch

14 + 3 =

Frequently Asked Questions

Is the $99 assessment really the same as the $1,499 assessment?
Yes. Same certified team, same methodology, same deliverables.
The discount is offered to new customers as a way to experience
the value of working with us without a significant upfront commitment.
We find that clients who experience the quality of our work tend to engage
us for remediation or ongoing services, but there is zero obligation to do so.

Who qualifies for the $99 new customer offer?
Australian businesses that have not previously engaged Sentry Cyber for
paid services. One assessment per organization. The promotional price assumes
a standard small to medium environment can be assessed within our scoping
parameters, larger or more complex environments may require separate quoting.

What is the Essential Eight?
The Essential Eight is a set of eight cyber mitigation strategies developed by
the Australian Signals Directorate (ASD). It is the recognized national benchmark
for protecting Australian organizations against common cyber threats, including
ransomware, credential theft, and business email compromise.

Do we really need an independent assessment — can’t we self-assess?
You can, and the ACSC provides a free self-assessment tool. However, self-assessments
consistently over-estimate maturity. They also don’t carry weight with insurers, DISP
auditors, or enterprise customers who want evidence from an arm’s-length assessor.
If you’re preparing for any of those, an independent assessment is the only credible option.

How long does the assessment take?
Most assessments are completed within two to four weeks depending on the size of your environment and the number of systems in scope.
Do we have to use Sentry Cyber to fix the gaps?
No. Your roadmap is yours to use however you want. Many of our clients have their in-house IT team or their existing MSP implement the recommendations. We’re happy to quote on the remediation work if you want us to help, but there is no obligation whatsoever.
What’s the difference between an Essential 8 Assessment and a penetration test?
An Essential 8 Assessment measures whether you have the correct controls in place against a recognized framework. A penetration test simulates a real attack to find exploitable weaknesses. They are complementary, the assessment tells you what should be there, the pen test proves whether it’s working.
Can you help us reach DISP Maturity Level 2?
Yes. We regularly work with DISP members and applicants to achieve and maintain full Maturity Level 2 compliance across all eight strategies. Our reports are structured specifically for DISP auditor review.
How much does an Essential 8 Assessment cost after the promotion?
The regular price is $1,499 ex GST for most small to medium environments. Larger or more complex environments are scoped individually and quoted on a fixed-price basis, NO SURPRISES.
How often should we reassess?
We recommend reassessing annually at minimum, or after any significant infrastructure change, cloud migration, merger, acquisition, or cyber incident. Cyber insurance renewals are also a common trigger point.
Do you provide evidence that satisfies auditors and insurers?
Yes. Our reports are structured so they can be provided directly to cyber insurers, DISP assessors, and enterprise procurement teams as evidence of your Essential Eight posture.
What happens after the assessment is complete?
You receive your executive summary, detailed technical findings, maturity scoring, and prioritized remediation roadmap. We walk you through everything personally in a session with our team, so you leave with a clear, actionable plan you understand.