ANAO calls out low self-assessments of Commonwealth cyber compliance

The Australian National Audit Office (ANAO) has completed another round of cyber compliance testing, finding Treasury was compliant with the Australian Signals Directorate (ASD) Top 4 mitigation strategies, while the National Archives and Geoscience Australia were lacking.

ANAO said that, of the 14 organisations it has examined, it has now found only four government entities compliant with the Top 4 requirement, which was made mandatory in April 2013.

In early 2017, the Top 4 was expanded to the Essential Eight, with ANAO finding all three agencies in this round were only compliant with one of the expanded requirements.

“These findings provide further evidence that the implementation of the current framework is not achieving compliance with cyber security requirements, and needs to be strengthened,” ANAO said.

With guides to cyber compliance being provided by the Attorney-General’s Department (AGD) in the form of the Protective Security Policy Framework (PSPF) and by ASD with the Essential Eight Maturity Model (EEMM), ANAO was at pains to point out the conflicting requirements.
