IRAP ยท Essential Eight Acceleration

For organizations that need to achieve specific Essential Eight maturity levels for government contract requirements

Government procurement increasingly mandates specific Essential Eight maturity levels. ML1 is table stakes for many contracts. ML2 is required for sensitive data handling. ML3 is expected for critical infrastructure. The Essential Eight Maturity Model defines specific technical requirements at each level: application control preventing execution in user-writable directories, patching within defined timeframes, MFA resistant to specific attack techniques.

We implement the eight strategies at your target maturity level. Not auditing. Implementation. Application control policies deployed via Intune. Patching automation configured in ConfigMgr. MFA with phishing-resistant authenticators enrolled across your workforce. When your government contract requires demonstrated ML2, we build it.

  • E8 Maturity Assessment Before implementation, you need baseline clarity. We validate your current maturity level across all eight strategies using ASD's standardized assessment outcomes: Effective, Ineffective, Alternate Control, or No Visibility. We identify gaps to your target maturity level with specific remediation requirements. The assessment uses ASD's Essential Eight assessment methodology, including technical validation with tools like E8MVT where applicable. Output is a gap-to-target report with implementation effort estimates, not a generic maturity scorecard.
  • E8 Maturity Uplift Uplift is technical implementation. Application control: we configure Microsoft Defender Application Control (MDAC) or AppLocker policies, deploy via Intune, validate enforcement in user-writable directories. Patching: we configure WSUS, ConfigMgr, or Intune compliance policies with scanning and remediation windows aligned to ASD timeframes. MFA: we deploy phishing-resistant authenticators (FIDO2 security keys, Windows Hello for Business), configure Conditional Access policies requiring MFA strength. Macro restrictions: we configure Attack Surface Reduction rules blocking macros from internet-downloaded files in untrusted locations. Admin privilege restriction: we implement tiered access models, configure Privileged Access Workstations, deploy just-in-time elevation with PIM. Each strategy is implemented to your target maturity level and validated for effectiveness.
  • E8 Assessment Preparation When formal E8 assessment is required, we prepare evidence packages aligned to ASD's assessment methodology. Each control has documented implementation evidence. Validation testing confirms effectiveness. Exception documentation explains any alternate controls and their compensating effect. Your formal assessment proceeds with complete evidence, not last-minute scrambling.

Essential Eight maturity is increasingly a procurement prerequisite, not an optional enhancement. We implement the strategies that satisfy contract requirements.

Includes:

  • Maturity baseline report across all eight strategies
  • Gap-to-target remediation plan
  • Application control policy deployment
  • Patching automation configuration
  • MFA with phishing-resistant authenticators
  • Privilege access architecture
  • Macro restriction policies
  • Backup validation procedures