Free
$0/forever
Diagnose where you stand.
- Initial Check (self-assessment)
- Implementation Guide (all 8 controls)
- Per-control maturity score
- Sync across devices & teammates
An end-to-end workspace for the Essential Eight: a fast initial check, a deep implementation guide for every control, and a thorough audit to validate your uplift.
Two distinct loops: a free loop to understand where you stand, a paid loop to close the gap and prove it.
A 5-minute structured self-assessment surfaces your current Essential Eight maturity per control and overall.
Start check →Pragmatic, technology-agnostic guidance per maturity level, with concrete actions, evidence to capture, and pitfalls to avoid.
Open guide →Your Initial Check turned into a prioritised, trackable plan: close the largest gaps first, in the right order.
See roadmap →A deeper, evidence-based audit. Tougher than the initial check, designed to prove your uplift before an external assessor sees it.
Run audit →Each card links to a deep implementation guide, the current self-assessed maturity level, and a control-specific audit.
YOUNEET starts free for everyone. Upgrade your organisation when you’re ready to plan, track, and validate the uplift.
Diagnose where you stand.
Close the gaps & prove it.
Answer honestly; this is for your eyes only. Aim for the lowest level you can fully meet; partial coverage doesn't count toward a maturity level.
Each control is scored against ACSC maturity levels. A control sits at the highest level whose requirements are fully met.
Tap any control to open the matching implementation guide.
Practical, level-by-level guidance for each control. Use the assessment to focus on your gaps first.
A tougher, evidence-driven check. For every "yes" be ready to point to a configuration, log, ticket, or policy. If you can't, answer "partial" or "no".
Compare against your initial check. Drift between the two is normal and useful: it tells you which controls felt easier than they actually are.
That route doesn't exist. Back to overview.
Read this notice in full before relying on any output produced by YOUNEET. By using the application you accept these terms.
The legalese below is what you accept by using YOUNEET. If anything's unclear, the plain-English summary above is the spirit; the sections below are the letter.
Last updated: 2026-06-01. Authoritative source: the current version of the ACSC Essential Eight Maturity Model at cyber.gov.au prevails over anything stated here.
YOUNEET (the “Application”) is a self-service educational and self-assessment tool designed to assist organisations in understanding, self-assessing against, and planning implementation of the Essential Eight Maturity Model published by the Australian Cyber Security Centre (ACSC), a function of the Australian Signals Directorate (ASD).
The Application addresses the following eight mitigation strategies, using the official terminology defined by the ACSC:
The Application provides, in respect of each mitigation strategy listed above, three distinct features. Each feature is for educational and internal planning purposes only and is described below in the terms used within the Application:
The Application does not constitute legal advice, cybersecurity consulting advice, audit advice, accreditation advice, regulatory advice, insurance advice, or any other form of professional advice. Information generated by the Application is general in nature and does not take into account the specific circumstances, risk profile, legal obligations, contractual obligations, or sectoral regulatory environment of any organisation.
Before relying on any output of the Application for compliance, regulatory, certification, accreditation, contractual, procurement, audit, insurance, or assurance purposes, you should obtain advice from suitably qualified professionals, which may include but is not limited to: assessors registered under the Infosec Registered Assessors Program (IRAP), qualified cybersecurity consultants, internal audit, external audit, and legal counsel.
The Application is an independent educational tool. The Application is not:
Self-assessment outputs produced by the Application reflect the user’s own answers and do not, of themselves, constitute objective evidence that any mitigation strategy is implemented, operating, or effective.
The ACSC periodically revises the Essential Eight Maturity Model. The Application reflects the authors’ good-faith interpretation of the Maturity Model as understood at the time of publication and may not reflect the most recent revision, errata, supplementary guidance, or interpretive material issued by the ACSC, ASD, or any other authority. Users are solely responsible for consulting and applying the current authoritative versions of the Essential Eight Maturity Model and the Information Security Manual published at cyber.gov.au.
The Application is provided “as is” and “as available” without warranties of any kind, whether express, implied, statutory, or otherwise. To the maximum extent permitted by law, the authors, contributors, operators, distributors and hosts of the Application disclaim all warranties including, without limitation, warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy, completeness, currency, timeliness, security, reliability, and availability.
To the maximum extent permitted by law, in no event shall the authors, contributors, operators, distributors or hosts of the Application be liable for any direct, indirect, incidental, special, consequential, punitive or exemplary damages (including without limitation damages for loss of profits, revenue, goodwill, data, business interruption, reputation, regulatory fines, or remediation costs arising from a cybersecurity incident) arising out of or in connection with the use of, inability to use, or reliance upon the Application or any of its outputs, even if advised of the possibility of such damages.
Nothing in these terms is intended to exclude, restrict or modify any consumer guarantee or statutory right which cannot lawfully be excluded, including those arising under the Australian Consumer Law (Schedule 2 to the Competition and Consumer Act 2010 (Cth)) or analogous legislation in your jurisdiction.
Using the Application requires an account. When you register, your Initial Check, Validation Audit, evidence-register entries and related assessment data are stored on the operators’ server infrastructure (Cloudflare D1 and, for uploaded evidence, Cloudflare R2 object storage) and are associated with your organisation so that members of your organisation can access and continue the assessment. Assessment data is private to your organisation and is not sold.
The Application relies on the following third-party processors to provide the service: Clerk (authentication and identity: processes your name and email address), Stripe (payment processing for paid subscriptions: processes billing details you provide at checkout; the operators do not store full card numbers), and Cloudflare (hosting, storage and content delivery). The Application also loads typography from Google Fonts, which may collect technical access logs in accordance with Google’s privacy policy.
Organisation administrators can remove members, and account deletion removes your associated identity and assessment data subject to short-lived backups and any retention required by law. If you require export or deletion of your data, contact the operators.
“Essential Eight”, “Essential Eight Maturity Model”, “ACSC”, “Australian Cyber Security Centre”, “Australian Signals Directorate”, “ASD”, “Information Security Manual”, “ISM”, “Infosec Registered Assessors Program” and “IRAP”, and related marks, are trademarks, service marks or registered marks of the Commonwealth of Australia or its agencies. “Microsoft”, “Microsoft Office”, “Internet Explorer”, “Windows”, “PowerShell” and “AppLocker” are trademarks of Microsoft Corporation. All other marks are the property of their respective owners. Use of these marks in the Application is solely descriptive and does not imply endorsement, sponsorship or affiliation.
By using the Application you acknowledge that you have read, understood and accepted this disclaimer and these terms in full. If you do not accept any part of these terms, you must not use the Application.