The Australian Cyber Security Centre (ACSC) has further strengthened the implementation guidance for the Essential Eight through changes that reflect its experience in producing cyber threat intelligence, responding to cyber security incidents, conducting penetration testing and assisting organisations to implement the Essential Eight. The Essential Eight Maturity Model now prioritises the implementation of all eight mitigation strategies as a package due to their complementary nature and focus on various cyber threats. Organisations should fully achieve a maturity level across all eight mitigation strategies before moving to achieve a higher maturity level. In addition, there is also an increased emphasis on risk management, which includes better enabling organisations to manage risks associated with legacy systems. Changes to the Essential Eight Maturity Model follow a thorough review by the ACSC which included consultation with government and industry partners. The ACSC’s Essential Eight are the most effective mitigation strategies organisations can adopt to protect themselves against cyber threats, with the Essential Eight Maturity Model is designed to assist organisations to implement them.