3 is the ceiling of the model: controls calibrated against adversaries who are skilled, well resourced, and adaptive: the kind who study your specific environment and adjust their tradecraft when a control blocks them. It exists because some organisations genuinely face those adversaries. Most do not, and for them ML3 is the wrong goal.
Who ML3 is actually for
- Organisations in Defence and national security supply chains, where contracts or accreditation frameworks specify it.
- Operators of systems whose compromise has consequences beyond the business itself: critical infrastructure and the vendors deep inside it.
- Businesses holding data valuable enough to attract targeted, persistent campaigns rather than opportunistic crime: think sensitive government datasets, not customer email lists.
If none of those describe you, a well-evidenced ML2 with real detection and response behind it will serve you better than a paper ML3, and it will cost meaningfully less.
What changes at ML3
The pattern from ML2 to ML3 is consistency and speed under adversarial pressure. Application control tightens to the strictest rule sets with vendor-recommended block lists. Patching expectations compress further, driven by how quickly targeted attackers weaponise new vulnerabilities. Privileged access moves toward just-in-time administration with strong isolation between administrative and everyday environments. becomes the norm rather than the exception. And logging shifts from 'collected centrally' to 'actively monitored for signs of compromise'. ML3 quietly assumes someone is watching, which for most organisations means a , in-house or managed.
The step from ML2 to ML3 is usually less about buying new technology and more about operational discipline: exceptions that were tolerated at ML2 get engineered out, and processes that ran monthly start running continuously.
The honest cost conversation
ML3 is expensive in the ways that don't show up on a quote: administrator convenience, application flexibility, and the ongoing staffing to keep controls at that standard permanently. An assessment that rates you ML3 today means little if the discipline decays by Christmas. Organisations that need ML3 should budget for it as an operating posture, not a project.
Where to start
The same place as every maturity conversation: an evidence-based rating of where you are now, control by control. If a contract or framework is demanding ML3, an assessment tells you the true distance and sequences the work. If nothing is demanding it, the assessment usually redirects the budget somewhere it protects more. Either outcome is worth knowing before you spend. With the Essential Eight scheduled for retirement in favour of Essentials by 2027, that assessment should also flag how your target maturity maps into the incoming framework. The controls carry forward, and so should your investment.

