Know your Essential Eight gaps in 20 minutes — not 6 weeks.
Australian SMBs supplying government or renewing cyber insurance are now required to demonstrate Essential Eight alignment. Find out where you stand before your next tender or insurance renewal.
Passive scan only. Domain ownership verification required before full results are released.
Essential Eight alignment is no longer optional for government suppliers.
Government contracts now require it
PSPF supply chain requirements cascade Essential Eight obligations down to government suppliers. The Defence Industry Security Program expects Maturity Level 2. If you cannot demonstrate alignment, your tender response is weaker than your competitor's.
Cyber insurers are checking
Insurers now require proof of Essential Eight alignment before issuing or renewing policies. Failing to demonstrate it means exclusions on your policy or higher premiums — and in some cases, refusal of cover entirely.
Consultants are out of reach
Most SMBs cannot justify the cost of a full Essential Eight gap assessment by a security consultant. EssentialScan AU gives you the external picture for $349 — enough to know where you stand before you spend more.
One scan. Six deliverables. Mapped to the eight controls.
Every finding is tied to the specific Essential Eight control it affects, so you know exactly what an assessor or underwriter would flag.
Full attack surface inventory
Every subdomain, IP address, and open port visible from the outside — the same view an attacker or assessor starts with.
CVEs mapped to Essential Eight
Every vulnerability found is mapped to the specific control it affects — Patch Applications, Patch Operating Systems, and more.
SSL/TLS grade per subdomain
An A-to-F grade for every certificate and TLS configuration, with the specific weaknesses an underwriter would query.
Credential breach exposure
Checks your staff email domain against Have I Been Pwned to surface credentials already circulating in known breaches.
Maturity Level estimate
An overall ML0–ML3 estimate based on external evidence, using the same red-to-green scale assessors and insurers read.
Insurance-ready executive PDF
A plain-language executive summary you can attach to a tender response or hand directly to your insurance broker.
All prices in AUD. GST included. No lock-in.
One-Time Report
- Full external scan of 1 domain
- All findings mapped to Essential Eight
- Maturity Level estimate (ML0–ML3)
- Executive summary PDF
- Results in 20 minutes
Monthly Monitoring
- Everything in One-Time Report
- Automatic re-scan every month
- Change alerts when new exposure appears
- Scan history and trend view
- Cancel any time
MSP White-Label
- 5 client domains included
- Reports carry your branding
- Client-ready PDF exports
- Priority scan queue
- Additional domains available
How the cost compares
| Option | Typical cost | Time to result |
|---|---|---|
| Traditional IRAP assessment | $10,000–$30,000 AUD | 6–12 weeks |
| Security consultant gap assessment | $5,000–$15,000 AUD | 2–6 weeks |
| EssentialScan AU external scan | From $349 AUD | 20 minutes |
An external scan and a formal assessment answer different questions. If your contract requires a formal Essential Eight assessment, you will still need an IRAP-certified assessor — this scan tells you what they will find from the outside, before you pay for them.