Committee rubbishes agencies' security compliance
The Joint Committee of Public Accounts and Audit has given poor marks to the government's cybersecurity compliance and resilience, and made a series of recommendations for lifting compliance.
An inquiry into cybersecurity compliance, focused on the Auditor-General's recent audit, found that the ATO and the Department of Immigration and Border Protection are still not compliant with mandatory mitigation strategies that should have been put in place by mid-2014.
In addition, only 65% of all non-corporate government entities were compliant with the Top Four recommended mitigation strategies as of 2015–16, despite these strategies being the minimum requirement for these entities.
The committee recommended that all entities achieve compliance as soon as possible, noting that there is no impediment to the implementation of these strategies.
In addition, the committee has recommended that the government mandate compliance with the Australian Signals Directorate's (ASD) Essential Eight cybersecurity strategies by June 2018.
The ASD and the Attorney-General's Department should meanwhile report annually on the government's cybersecurity posture, and the annual ASD survey should be made mandatory for eligible government entities to complete, the committee found.
Other recommendations include an audit of the effectiveness of the Protected Security Policy Framework's current self-assessment and reporting regime, as well as mandatory compliance with the Internet Gateway Reduction Program for all eligible entities.
Half of government agencies falling short on email security measures: report
Lack of consistency across Australian Government bodies leaves critical vulnerabilities in the...
CISA and Microsoft warn of “active attacks” on SharePoint
Alerts have been published active attacks exploiting a remote code execution vulnerability in...
NSW Government agencies have ineffective cybersecurity controls: report
The Audit Office of New South Wales has found that NSW Government agencies still have minimal...