The ACSC has released an updated IRAP policy and new IRAP Assessor Training to strengthen the cyber security assessment framework following an independent review.
The enhanced program will help to develop the capabilities of industry partners, increase the number of cyber security assessors and bolster national cyber security efforts.
The implementation of the independent review recommendations are part of the ACSC's continued drive to help make Australia the most secure place to connect online.
In conjunction with the release of the updated policy and IRAP Assessor Training, the ACSC is now accepting applications for IRAP assessors.
Changes to the IRAP include:
- increases to the standard and consistency of cyber security advice provided by IRAP assessors, by requiring assessors to maintain and demonstrate ICT security knowledge
- enhanced governance arrangements to provide additional assurance that IRAP assessors are performing their roles as independent third parties
- a minimum requirement for IRAP assessors to maintain a Negative Vetting Level 1 Security Clearance
- a revised five-day IRAP training course, which covers both IRAP and Information Security Manual fundamentals.
The updated IRAP policy and training has been co-designed by the ACSC with government and industry representatives through a series of Consultative Forums to improve the culture and governance of the program.
Completed or ongoing assessments will not be affected by the updated policy. The policy will apply to all assessments initiated after 15 December 2020, and current IRAP assessors will have 24 months to meet new requirements outlined in the policy.
