Three of Australia's biggest government agencies are under increased scrutiny over their compliance with cyber security obligations following a damning audit.
The Australian Taxation Office and the Immigration department were scolded by the national auditor in March for failing to be compliant with the ASD"s top four cyber mitigation strategies.
The audit looked into the cyber defences of the ATO and Immigration as well as the Department of Human Services, and found only DHS was "cyber resilient".
Immigration and the ATO had failed to properly implement application whitelisting, patch operating systems and applications, and were not effectively managing their IT supplier contacts, the ANAO found.
The agencies are two of the biggest technology shops in government: Immigration's systems process seven million visas and inspect two million cargo imports and exports per year, while the ATO's electronic lodgement systems collect $440 billion annually.
DHS's IT systems process $172 billion in payments each year, and all three agencies collect a large amount of sensitive data.
Parliament's joint committee of public accounts and audit has now launched an inquiry into the agencies' cyber security compliance following the audit report.
“Cybersecurity is integral to protect government systems and secure the continued delivery of government business," committee chair and senator Dean Smith said in a statement.
"Government entities are required to implement mitigation strategies to reduce the risk of cyber intrusions."
The inquiry is intended to keep the heat on the agencies to comply with the mandated ASD cyber mitigation strategies.
All three pledged to the ANAO to periodically assess their compliance, and improve and regularly review their governance and oversight arrangements.
The committee is taking submissions until April 27.