ACSC updates IRAP program

The Australian Cyber Security Centre (ACSC) is enhancing the Information Security Registered Assessor Program (IRAP) to strengthen the cybersecurity assessment framework.

The agency has released an updated IRAP policy and a new IRAP Assessor Training module following an independent review of the program.

The enhanced program has been designed to help develop the capabilities of industry partners, increase the number of cybersecurity assessors and bolster national cybersecurity efforts. It has been developed in consultation with government and industry representatives.

Changes include increases to the standard and consistency of cybersecurity advice provided by IRAP assessors by requiring these assessors to maintain and demonstrate ICT security knowledge.

Other changes include a minimum requirement for IRAP assessors to maintain a Negative Vetting Level 1 Security Clearance, and enhanced governance arrangements in place for assuring IRAP assessors are performing their roles as independent third parties.

The ACSC has also established a revised five-day IRAP training course, which covers both IRAP and Information Security Manual fundamentals.

The new policy will apply to all assessments initiated going forward, and current IRAP assessors will have 24 months to meet new requirements outlined in the policy.

The ACSC is now taking applications for IRAP assessors to take part in the program.

Image credit: ©stock.adobe.com/au/metamorworks