Working though an Essential Eight Maturity assessment at the moment.  “What is the Essential Eight?” you might be wondering

The Essential Eight are designed to protect Microsoft Windows-based internet-connected networks. While the Essential Eight may be applied to cloud services and enterprise mobility, or other operating systems, it was not primarily designed for such purposes and alternative mitigation strategies may be more appropriate to mitigate unique cyber threats to these environments. In such cases, organisations should consider alternative guidance provided by the ACSC.
– Australian Cyber Security Centre (ACSC)

I stumbled this series of posts by Data#3, which is informative:

1. Your guide to the ACSC’s Essential Eight Maturity Model Updates – Data#3 (data3.com)
2. Essential Eight Maturity Model: Application Control – Data#3 (data3.com)
3. Essential Eight Maturity Model: Patch Applications – Data#3 (data3.com)
4. Essential Eight Maturity Model: Configure Microsoft Office Macro Settings – Data#3 (data3.com)
5. Essential Eight Maturity Model: User Application Hardening – Data#3 (data3.com)
6. Essential Eight Maturity Model: Restrict Administrative Privileges – coming soon
7. Essential Eight Maturity Model: Patch Operating Systems – coming soon
8. Essential Eight Maturity Model: Multi-Factor Authentication – coming soon
9. Essential Eight Maturity Model: Regular Backups – coming soon