What Essential Eight ML3 does
Maturity Level 3 builds upon the foundational controls of ML1 and ML2, introducing capabilities for significantly enhanced threat detection and response. Key additions include deep application control using cryptographic signatures, ensuring only approved software can execute. Internet-facing services are patched within 48 hours, supported by automated vulnerability scanning. User applications are hardened with content filtering, and Endpoint Detection and Response (EDR) is implemented with centralised Security Operations Centre (SOC) monitoring for proactive threat hunting. Comprehensive event logging provides detailed audit trails.
Essential Eight ML3 in Australian tenants today
In Australia, ML3 is increasingly viewed as the baseline for organisations operating in sectors deemed critical or possessing national security relevance, including government, Defence, critical infrastructure, and financial services. Achieving and maintaining ML3 requires a dedicated security team, specialised tooling, and significant ongoing investment. While the Australian Signals Directorate (ASD) promotes the Essential Eight, the practical operating cost, including personnel, licensing, and training, can be substantial, requiring careful budgetary planning and resource allocation. Compliance with APRA CPS 234 and the broader cybersecurity insurance landscape often incentivises a move towards ML3.