#1
Configuration Control
The overall configuration of all system applications including protective security apps and systems.
ABC
02 · 
Cybersecurity And Resilience Lifecycle
Cybersecurity And Resilience LifecycleModern cybersecurity
isn't a product.
C.A.R.L® extends the Australian Cyber Security Centre's Essential 8, layered with CIS and NIST, into a continuous resilience system. We measure maturity across 14 Vital Metrics™ — and review, quarterly, without exception.
LIVE · Anonymised client snapshot
C.A.R.L® Health Bar™ · v4.2
Last sync · 04:12 AEST
#1 — Configuration ControlConfiguration Control0%
#2 — Continuous OptimisationContinuous Optimisation0%
#3 — Access & IdentityAccess & Identity0%
#4 — Connected TechConnected Tech0%
Essential 8 · Maturity Level 2 achievedNext audit · Q3 2026Full report
The 14 Vital Metrics™
Audit first. Then uplift.
A typical C.A.R.L® audit reveals gaps across the 14 metrics. Our program brings every metric to industry best practice or beyond.
Before — typical auditPre-C.A.R.L®
A
B
C
D
E
F
G
H
I
J
K
L
M
N
Level 0Maturity ——→Level 3
After — C.A.R.L® programPost-C.A.R.L®
A
B
C
D
E
F
G
H
I
J
K
L
M
N
Level 0Maturity ——→Level 3
AApplication ControlE8·1
BConfigure MS Office MacrosE8·3
CUser Application HardeningE8·4
DPatch Operating SystemsE8·6
EPatch ApplicationsE8·2
FDaily BackupsE8·8
GRestrict Admin PrivilegesE8·5
HMulti-Factor AuthenticationE8·7
IUser Management
JSecurity Clearance Management
KPassword Management
LInventory Optimisation
MCloud Monitoring
NConnection Robustness
#2
Continuous Optimisation
Continuous monitoring and updating of operating systems, applications, back-up systems, processes and procedures.
DEF
#3
Access & Identity
Management of user identity, access, administration and security privileges including identity validation and authentication.
GHIJK
#4
Connected Tech
Management and optimisation of all elements of the IT ecosystem — hardware, cloud infrastructure, and the connections between them.
LMN
Investment
$250/ user / mo
ex gst
ex gst
Core C.A.R.L® delivery for premium Managed Service clients. Includes set-up and all necessary subscriptions, managed seamlessly.
High Risk & Critical Infrastructure engagements — POA.
Delivered via, amongst others
Airlock DigitalMicrosoft IntuneDuoNinjaOnePatchMyPCSkykickCoveMicrosoft Defender for CloudLiongardMSP MagicBitdefenderATPLastPassProofpointScalepadLifecycle Manager
Start a conversation
We respond within
one business hour.
Tell us what you're trying to protect, build or quietly fix. A senior engineer — not a salesperson — reads your message first.