Select Page

Audit: Cyber basics still beyond fed gov as Essential Eight mandate looms | iTnews

Audit: Cyber basics still beyond fed gov as Essential Eight mandate looms | iTnews

Australian National Audit Office Report June 10 2022

Cyber basics still beyond fed gov as Essential Eight mandate looms

Audit finds most controls “still significantly below” requirement.

Australian National Audit Office Report: The Auditor-General Auditor-General Report No.32 2021–22 Financial Statements Audit
Reported in: Cyber basics still beyond fed gov as Essential Eight mandate looms | iTnews
Read more Audit Reports

Federal government agencies are continuing to struggle to implement the ‘Essential Eight’ cyber security controls, with only two of 19 agencies recently examined by the national auditor making the required grade.

A total of 36 IT control environment findings were reported to the entities comprising no significant, 10 moderate, 26 minor. the majority of the findings are related to the management of user terminations, logging and monitoring of privileged users, and password management.

Reported compliance with the PSPF Policy 10 requirements

IT Control Environment 0

10 26
IT Security 0

9 21
IT Change Management 0

1 4
Disaster Recovery Arrangements 0

0 1

 
ANAO E8 yearly trend

The ANAO noted that a parliamentary inquiry last year had recommended the need for greater accountability of the cyber security requirements, including over the self-assessment process.

“While entities’ compliance with PSPF cyber security requirements remains low, there continues to be the risk of compromise to information,” it said.

From July 2022, non-corporate Commonwealth entities will be expected to implement Essential Eight maturity level two mitigations to achieve a managing maturity rating under Policy 10 part of the protective security policy framework (PSPF).

 


About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More Australian News

Weekly Australian News and Monthly Incident Review Emails

No advertisements, marketing, sales, or unsolicited emails. Your email address is ONLY used to send the publications listed above.

* indicates required


Shares
Share This