Audit: Fed govt cyber resilience unchanged since last year: auditor | iTnews

Australian Audit Fail June 10 2021

Australian National Audit Office (ANAO) finds cyber resilience unchanged since last year

Only one of 18 agencies audited hits the Essential Eight baseline.

Australian National Audit Office: Interim Report on Key Financial Controls of Major Entities
Reported in: Fed govt cyber resilience unchanged since last year: auditor | iTnews

The audit, which was released just prior to revelations the government will mandate the Essential Eight, looked at the 2019-20 ‘Policy 10’ self-assessments of 18 agencies, including the Department of Defence, Services Australia and the Australian Taxation Office.

Policy 10 – part of the protective security policy framework (PSPF) – requires entities to achieve a maturity level of ‘managing’, which the Australian National Audit Office (ANAO) said is equivalent to Essential Eight maturity level three.

An agency is considered to have achieved the ‘managing’ maturity when it has implemented all of the ‘top four’ cyber security controls and has considered the remaining four voluntary controls.

While three agencies were found to have “significantly improved” their maturity since the 2019-20 report, the ANAO said “most entities were still significantly below the ‘policy 10’ requirements”.

The ANAO said the lowest level of compliance continues to be with the mandatory patching applications control, followed by the non-mandatory multi-factor authentication and user application hardening controls.

About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.
