Australia's national auditor has placed the Australian Federal Police, the Communications and Agriculture departments and money-laundering watchdog AUSTRAC on its hit list for a second round of in-depth infosec assessments.
The Australian National Audit Office has started combing through the cyber defences of the four agencies to ascertain whether they meet the demands of the mandatory federal government Information Security Manual (ISM).
Since last July, agencies have been required to comply with the Australian Signals Directorate’s top four cyber attack mitigation strategies under the ISM.
The four demands include application whitelisting, keeping application and operating system patches up to date, and minimising administrative privileges.
The ANAO audited seven agencies in June last year before the ISM compliance state came into effect, and found the agencies were unlikely to be compliant before the June 30 deadline.
Prior to the 2014 audit, the last time the ANAO looked into ISM compliance was March 2011, when the office reported on the security of information held by the Office of Financial Management, ComSuper, Medicare and the Department of Prime Minister and Cabinet.
The ANAO expects to hand down its latest findings in in the last quarter of this year. It is current calling for submissions from members of the public.