Committee rubbishes agencies' security compliance


By Dylan Bushell-Embling
Wednesday, 25 October, 2017


Committee rubbishes agencies' security compliance

The Joint Committee of Public Accounts and Audit has given poor marks to the government's cybersecurity compliance and resilience, and made a series of recommendations for lifting compliance.

An inquiry into cybersecurity compliance, focused on the Auditor-General's recent audit, found that the ATO and the Department of Immigration and Border Protection are still not compliant with mandatory mitigation strategies that should have been put in place by mid-2014.

In addition, only 65% of all non-corporate government entities were compliant with the Top Four recommended mitigation strategies as of 2015–16, despite these strategies being the minimum requirement for these entities.

The committee recommended that all entities achieve compliance as soon as possible, noting that there is no impediment to the implementation of these strategies.

In addition, the committee has recommended that the government mandate compliance with the Australian Signals Directorate's (ASD) Essential Eight cybersecurity strategies by June 2018.

The ASD and the Attorney-General's Department should meanwhile report annually on the government's cybersecurity posture, and the annual ASD survey should be made mandatory for eligible government entities to complete, the committee found.

Other recommendations include an audit of the effectiveness of the Protected Security Policy Framework's current self-assessment and reporting regime, as well as mandatory compliance with the Internet Gateway Reduction Program for all eligible entities.

Follow us and share on Twitter and Facebook

Related News

Multidisciplinary team conquers 2019 Cyber War Games

The team was championed based on their teamwork, communication, planning, critical thinking and...

DHS holds third Cyber War Games

Operation Tsunami, the DHS's third annual Cyber War Games, aimed to build critical cyber...

ACSC updates Information Security Manual

The ACSC's Information Security Manual has been updated to help organisations stay up to date...


  • All content Copyright © 2019 Westwick-Farrow Pty Ltd