By Justin Hendry on Jun 10, 2021 6:45AM Only one agency hits Essential Eight baseline. Only one of the 18 largest departments and agencies across government recently examined by the national auditor has fully implemented the 'Essential Eight' cyber security controls. The remaining 17 agencies reported either ‘ad-hoc’ or ‘developing’ levels of maturity with the controls – the lowest possible score under the metric – or incorrectly self-assessed as having a ‘managing’ maturity level. The Essential Eight is a series of baseline cyber security mitigation strategies and a maturity model recommended by the federal government. It encompasses four 'top' controls, which are mandatory for non-corporate Commonwealth entities.