Browse our range of publications including performance and financial statement audit reports, assurance review reports, information reports and annual reports.
Cyber Security Strategies of Non-corporate Commonwealth Entities

Please direct enquiries through our contact page.
The objective of this audit is to assess the effectiveness of cyber security risk mitigation strategies implemented by selected non-corporate Commonwealth entities to meet mandatory requirements under the Protective Security Policy Framework (PSPF), and the support provided by the responsible cyber policy entities.
Audit criteria
The ANAO proposes to examine whether:
- the selected entities have fully implemented the Top Four cyber security risk mitigation strategies or otherwise adopted strategies and actions to progress towards full implementation; and
- the three entities responsible for cyber policy in the Commonwealth (the Australian Signals Directorate, the Attorney-General’s Department and Department of Home Affairs) have worked together to support accurate self-assessment and reporting by non-corporate Commonwealth entities, and to improve those entities’ implementation of cyber security requirements under the PSPF.
Entities
- Attorney-General’s Department
- Australian Signals Directorate
- Australian Trade and Investment Commission
- Department of Education, Skills and Employment
- Future Fund Management Agency
- Department of Health
- Department of Home Affairs
- IP Australia
- Department of the Prime Minister and Cabinet
Work program portfolios
This in-progress performance audit is featured in 9 annual audit work program portfolios: