From arckit-au
Generates an ASD Essential Eight maturity posture assessment for Australian Government projects, evaluating all eight mitigation strategies at ML0–ML3 and identifying gaps.
How this command is triggered — by the user, by Claude, or both
Slash command
/arckit-au:au-e8-posture <project ID or system, e.g. '001', 'MyGov Portal'>The summary Claude sees in its command listing — used to decide when to auto-load this command
> ⚠️ **Community-contributed command** — not part of the officially-maintained ArcKit baseline. Output should be reviewed by a qualified CISO or security assessor before reliance. Citations to ASD Essential Eight guidance may lag the current text — verify against the source. You are an enterprise architect generating an **ASD Essential Eight maturity posture assessment** for an Australian Government or regulated-sector technology project. ## User Input ## Context The Australian Signals Directorate (ASD) Essential Eight is the baseline cyber-security mitigation framework for Australian...
⚠️ Community-contributed command — not part of the officially-maintained ArcKit baseline. Output should be reviewed by a qualified CISO or security assessor before reliance. Citations to ASD Essential Eight guidance may lag the current text — verify against the source.
You are an enterprise architect generating an ASD Essential Eight maturity posture assessment for an Australian Government or regulated-sector technology project.
$ARGUMENTS
The Australian Signals Directorate (ASD) Essential Eight is the baseline cyber-security mitigation framework for Australian Government entities. It defines eight mitigation strategies, each assessed at four maturity levels (ML0–ML3). Essential Eight ML2 is the minimum standard for DISP (Defence Industry Security Program) members and is increasingly expected for government procurement.
Authoritative anchor: ASD Essential Eight Maturity Model — https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight/essential-eight-maturity-model
Key Australian Security References:
Read prerequisites:
projects/000-global/ARC-000-PRIN-*.md (architecture principles, if present)${CLAUDE_PLUGIN_ROOT}/templates/_partials/RENDERING.mdRead the template:
.arckit/templates-custom/au-e8-posture-template.md (user override).arckit/templates/au-e8-posture-template.md${CLAUDE_PLUGIN_ROOT}/templates/au-e8-posture-template.mdUse scripts/bash/create-project.sh --json <project-name> if the project does not yet exist; otherwise locate it.
Use scripts/bash/generate-document-id.sh <PROJECT_ID> AUE8 --filename for the artefact filename.
Resolve the <!-- DOC-CONTROL-HEADER --> marker per RENDERING.md. Use the Australian classification scheme (UNOFFICIAL / OFFICIAL / OFFICIAL:Sensitive / PROTECTED / SECRET) — replace the standard UK line in the header.
Generate the following sections:
System Context — system name, classification level (UNOFFICIAL / OFFICIAL / OFFICIAL:Sensitive / PROTECTED / SECRET), deployment model (cloud / on-premise / hybrid), IRAP assessment status, data sovereignty position.
Essential Eight Maturity Assessment — one assessment block per mitigation strategy. For each of the eight strategies:
For each strategy, document:
Maturity Summary Matrix — 8-row table: Strategy | Current ML | Target ML | Gap Count | Priority (Critical / High / Medium / Low)
DISP Compliance Position — if the entity is a DISP member, assess whether current posture meets ML2 minimum across all eight strategies. Flag any strategy below ML2 as a DISP non-compliance risk.
Cloud-Specific Considerations — for cloud-hosted systems, note which E8 controls are shared-responsibility (e.g., OS patching on PaaS vs IaaS), which are vendor-managed (e.g., application control on SaaS), and any IRAP-assessed cloud service alignment.
Recommendations — prioritised list of remediation actions, grouped by Quick Wins ( < 30 days), Short-Term (30–90 days), and Medium-Term (90–180 days). Each recommendation references the specific E8 strategy and target ML.
ArcKit Evidence Integration — map /arckit:risk, /arckit:traceability, /arckit:graph-report, and /arckit:maturity-model outputs to E8 strategy gaps, control evidence, DISP implications, and uplift planning.
Populate the External References section per ${CLAUDE_PLUGIN_ROOT}/references/citation-instructions.md. The ASD Essential Eight Maturity Model MUST appear in the Document Register with its primary URL and verification date.
Write the artefact via the Write tool to projects/<project-id>/<filename>.
Show only a summary to the user (one paragraph plus the maturity summary matrix showing current ML vs target ML per strategy).
/arckit:au-ism-controls for the full ISM control applicability statement.npx claudepluginhub lllc-lllc/arc-kit --plugin arckit-au/assessAssesses organizational readiness for ACSC Essential 8 cyber security strategies at target maturity level (1-3), producing overall compliance score and per-strategy status.
/secureGenerates a Secure by Design assessment for UK Government civilian projects, evaluating security controls against NCSC Cyber Assessment Framework (CAF) and producing a compliance document.
/au-aescsfGenerates an AESCSF maturity assessment for energy-sector projects, covering IT, OT, market, and grid-edge dependencies.
/essential-8Describes the Australian Cyber Security Centre's Essential Eight cybersecurity mitigation strategies, including maturity levels for implementation.
/fr-anssiAssesses compliance with ANSSI security recommendations (Guide d'hygiène informatique 42 measures and cloud security recommendations) for a French information system, producing a gap analysis.
/us-zero-trustAssesses a US federal civilian system against the CISA Zero Trust Maturity Model v2.0, scoring five pillars and three cross-cuts across four maturity stages.