The audit would continue the ANAO’s series of audits of cyber security. The scope would include comparing the entities’ cyber security framework and controls against the mandatory controls required under the Protective Security Policy Framework and the Australian Signals Directorate’s Essential Eight Maturity Model.