* [Blog](https://www2.paloaltonetworks.com/blog)
* [Cloud Security](https://www2.paloaltonetworks.com/blog/cloud-security/)
* [Cloud Posture Security](https://www2.paloaltonetworks.com/blog/cloud-security/category/cloud-security-posture-management/)
* Stay Ahead of Cyberthreat...

# Stay Ahead of Cyberthreats: Prisma Cloud and the Essential Eight Framework

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fessential-eight-cybersecurity-framework%2F)  
[](https://twitter.com/share?text=Stay+Ahead+of+Cyberthreats%3A+Prisma+Cloud+and+the+Essential+Eight+Framework&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fessential-eight-cybersecurity-framework%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fessential-eight-cybersecurity-framework%2F&title=Stay+Ahead+of+Cyberthreats%3A+Prisma+Cloud+and+the+Essential+Eight+Framework&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/cloud-security/essential-eight-cybersecurity-framework/&ts=markdown)  
\[\](mailto:?subject=Stay Ahead of Cyberthreats: Prisma Cloud and the Essential Eight Framework)  
Link copied  
By [Pranay Shastrulla](https://www.paloaltonetworks.com/blog/author/pranay-shastrulla/?ts=markdown "Posts by Pranay Shastrulla")  
Jul 31, 2024  
5 minutes  
[Cloud Posture Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security-posture-management/?ts=markdown)  
[Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown)  
[Compliance](https://www.paloaltonetworks.com/blog/cloud-security/category/compliance/?ts=markdown)  
[Essential Eight](https://www.paloaltonetworks.com/blog/tag/essential-eight/?ts=markdown)

The Australian Cyber Security Centre (ACSC), led by the Australian Signals Directorate (ASD), has developed a comprehensive list of strategies for mitigating cybersecurity incidents, known as Strategies to Mitigate Cyber Security Incidents.

Among these strategies, the most effective are encapsulated in the Essential Eight, a set of prioritized mitigation measures designed to help organizations protect themselves from cyberthreats.

In today's post, we outline the Essential Eight and explain how Prisma Cloud can help users achieve compliance w.r.t Essential Eight.

## The Essential Eight Defined

The Essential Eight Maturity Model, published in June 2017 and updated regularly, supports the implementation of the Essential Eight. The model is based on ASD's experience in producing cyberthreat intelligence, responding to cybersecurity incidents, conducting penetration testing and assisting organizations to implement the Essential Eight.

The Essential Eight is a cybersecurity framework developed by the ACSC, designed to provide organizations with a comprehensive strategy for safeguarding digital assets. It comprises eight mitigation strategies formulated to strengthen layers of security and provide a solid defense against a range of cyberthreats.

## Essential Eight Security Controls

![Essential Eight security controls](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/07/word-image-326047-1.png)
Figure 1: Essential Eight security controls

* **Application Control**: to control the execution of unauthorized applications and software.
* **Restrict Admin Privileges**: Restricting administrative permissions and access to only specific users to perform their job functions.
* **Multifactor authentication (MFA)**: MFA ensures that even if a password is compromised, the additional layer of security will prevent attackers from gaining access to the system.
* **Patch Applications**: Regularly updating and patching applications to remediate security vulnerabilities and known security risks.
* **Patch Operating Systems**: Regularly updating and patching operating systems to remediate vulnerabilities and security risks.
* **Configure Microsoft Office Macrosettings**: Disabling macros by default in Office, only enabling them when necessary, can significantly reduce this risk of embedded malware.
* **User Application Hardening**: Restrict web browsers and email clients to core features to safeguard against vulnerable functionalities attackers can exploit.
* **Regular Backups**: Data backups offer a reliable method for recovering data lost or compromised due to security incidents.

## Essential Eight Maturity Model

To help organizations implement the Essential Eight, four maturity levels have been established, ranging from Maturity Level Zero to Maturity Level Three. Each level, except for Maturity Level Zero, is designed to address progressively sophisticated cyberthreats, including advanced tools, tactics, techniques and targeting strategies.

When adopting the Essential Eight, organizations should determine a target maturity level that fits their needs. They should then gradually implement each level until they reach the desired level of cybersecurity maturity.

## Maturity Level Zero

Level Zero indicates significant weaknesses in an organization's security measures, making them highly susceptible to attacks. At this level, the risk of [data breaches](https://www.paloaltonetworks.com/cyberpedia/data-breach) or compromises in system integrity and availability is high. It highlights critical vulnerabilities in the organization's overall cybersecurity posture, leaving them exposed to potential threats.

## Maturity Level One

The entry-level stage known as Maturity Level One refers to the status of organizations that have partially rolled out security measures but are not yet comprehensive or consistent. Basic defenses are in place, but they likely won't hold up against complex cyberthreats. The primary focus at this level is countering attackers exploiting common tactics to access and control systems.

## Maturity Level Two

At this intermediate level, most security strategies have been thoroughly implemented, offering improved protection over Maturity Level One. There's still potential for enhancing consistency and effectiveness throughout the organization, though. Here, the focus shifts to combating more sophisticated attackers who invest time and resources into their attempts,including more effective tools.

## Maturity Level Three

This top maturity level signifies that an organization has thoroughly implemented all Essential Eight strategies. The security measures are rigorous, consistently applied, and well-managed. At this level, the focus shifts to dealing with advanced, highly adaptable attackers with less dependency on publicly available tools and techniques. These attackers take advantage of vulnerabilities such as outdated software and inadequate monitoring to establish a foothold. They rapidly use new exploits and advanced tactics to avoid detection and deepen their access.

The Australian Signals Directorate (ASD) recommends that all Australian businesses achieve Maturity Level Three for the optimal malware threat and [cyberattack](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack) protection.

## How Prisma Cloud Helps with Essential Eight Compliance

As a [cloud-native application protection platform (CNAPP)](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-native-application-protection-platform), Prisma Cloud secures applications from code to cloud, offering comprehensive protection tailored to modern development environments. [Prisma Cloud](https://www.paloaltonetworks.com/prisma/whyprisma) helps users navigate compliance by providing automated configuration checks that align with critical frameworks like the Essential Eight. This integration ensures that organizations not only safeguard their applications but also adhere to stringent compliance requirements, fortifying their cybersecurity defenses.

Prisma Cloud offers ACSC Essential Eight as an out-of-the-box compliance standard for all the maturity levels.
![Essential Eight in Prisma Cloud](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/07/word-image-326047-2.png)
Figure 2: Essential Eight in Prisma Cloud

Regarding multifactor authentication guidelines from the Essential Eight, for example, Prisma Cloud provides ready-made policies that evaluate your cloud setup for potential vulnerabilities. These assessments cover accounts on all major cloud platforms, giving you thorough and reliable protection.
![Out-of-the-box MFA policies in Prisma Cloud](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/07/word-image-326047-3.png)
Figure 3: Out-of-the-box MFA policies in Prisma Cloud

In addition to performing automated checks, Prisma Cloud offers remediation steps to resolve identified security problems. Figure 4, for example, demonstrates how to configure MFA on an AWS root account that doesn't have it. Recommendations allow users to promptly fix issues and bolster their security defenses.
![Step-by-step security threat remediation guidance](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/07/word-image-326047-4.png)
Figure 4: Step-by-step remediation guidance

Continuous compliance doesn't end with detection and remediation. Prisma Cloud enables security teams to generate compliance reports with a single click. The reports contain compliance posture details for frameworks supported by Prisma Cloud and are ready to handoff to stakeholders, executives and auditors.

## Learn More

Prisma Cloud enables organizations to maintain strong security against diverse cyberthreats, all while streamlining cloud security management by merging multiple tools into a single Code to Cloud^TM^ platform.

Interested in seeing how Prisma Cloud can elevate your cloud security? [Schedule a personalized demo](https://www.paloaltonetworks.com/prisma/cloud/request-a-prisma-cloud-demo).

*** ** * ** ***

## Related Blogs

### [Cloud Posture Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security-posture-management/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [Compliance](https://www.paloaltonetworks.com/blog/cloud-security/category/compliance/?ts=markdown)

[#### Cloud Security Simplified: NIST CSF 2.0 Meets Prisma Cloud](https://www2.paloaltonetworks.com/blog/cloud-security/nist-csf-2-compliance/)

### [Cloud Posture Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security-posture-management/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [Compliance](https://www.paloaltonetworks.com/blog/cloud-security/category/compliance/?ts=markdown)

[#### Breaking Bad Habits with CIS Benchmarks](https://www2.paloaltonetworks.com/blog/cloud-security/breaking-bad-habits-with-cis-benchmarks/)

### [CIEM](https://www.paloaltonetworks.com/blog/cloud-security/category/ciem-2/?ts=markdown), [Cloud Posture Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security-posture-management/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [Data Security Posture Management](https://www.paloaltonetworks.com/blog/cloud-security/category/data-security-posture-management/?ts=markdown), [DSPM](https://www.paloaltonetworks.com/blog/cloud-security/category/dspm/?ts=markdown)

[#### Weak Identity Governance Leads to Data Exposure --- 3 Attack Paths Explained](https://www2.paloaltonetworks.com/blog/cloud-security/identity-goverance-data-exposure/)

### [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [Compliance](https://www.paloaltonetworks.com/blog/cloud-security/category/compliance/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown)

[#### Shifting Security Left with Prisma Cloud and HashiCorp Packer](https://www2.paloaltonetworks.com/blog/cloud-security/secure-hashicorp-packer-images/)

### [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [CNAPP](https://www.paloaltonetworks.com/blog/cloud-security/category/cnapp/?ts=markdown), [Compliance](https://www.paloaltonetworks.com/blog/cloud-security/category/compliance/?ts=markdown)

[#### Reduce Your Risk with the Kubernetes CIS Benchmark and Prisma Cloud](https://www2.paloaltonetworks.com/blog/cloud-security/secure-kubernetes-cis-benchmark/)

### [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [CNAPP](https://www.paloaltonetworks.com/blog/cloud-security/category/cnapp/?ts=markdown), [Compliance](https://www.paloaltonetworks.com/blog/cloud-security/category/compliance/?ts=markdown)

[#### 5 Best Practices To Help Secure Docker with Prisma Cloud](https://www2.paloaltonetworks.com/blog/cloud-security/security-best-practices-docker/)

### Subscribe to Cloud Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language