Cyber Security Strategies of Non-corporate Commonwealth Entities
The objective of this audit is to assess the effectiveness of cyber security risk mitigation strategies implemented by selected non-corporate Commonwealth entities to meet mandatory requirements under the Protective Security Policy Framework (PSPF), and the support provided by the responsible cyber policy entities.
The ANAO proposes to examine whether:
- the selected entities have fully implemented the Top Four cyber security risk mitigation strategies or otherwise adopted strategies and actions to progress towards full implementation; and
- the three entities responsible for cyber policy in the Commonwealth (the Australian Signals Directorate, the Attorney-General’s Department and Department of Home Affairs) have worked together to support accurate self-assessment and reporting by non-corporate Commonwealth entities, and to improve those entities’ implementation of cyber security requirements under the PSPF.
- Attorney-General’s Department
- Australian Signals Directorate
- Australian Trade and Investment Commission
- Department of Education, Skills and Employment
- Future Fund Management Agency
- Department of Health
- Department of Home Affairs
- IP Australia
- Department of the Prime Minister and Cabinet