What the IRAP program does
IRAP provides the framework to endorse individuals from the private and public sectors to provide cyber security assessment services to Australian governments. Endorsed IRAP assessors can provide an independent assessment of ICT security, suggest mitigations and highlight residual risks. IRAP assessors can provide assessment up to the TOP SECRET level for:
The Cloud Services Certification Program (CSCP) ceased on 2 March 2020. ASD will cease the Certified Cloud Services List (CCSL) on 27 July 2020. Concurrently ASD will release the Cloud Security Guidance package. This is to ensure that arrangements, including guidance and industry preparation, are consistent with the threat environment.
In July 2019, the Australian Signals Directorate (ASD) commissioned an independent review of its Cloud Services Certification Program (CSCP) and Information Security Registered Assessors Program (IRAP). For the public statement on the review outcomes, see Joint ASD-DTA Public Statement on Independent Review of CSCP and IRAP.
In line with review recommendations, ASD will enhance its support and delivery of IRAP. ASD will be accepting applications for new IRAP Assessors and will restart IRAP training sessions.
The boost to the IRAP community will deliver greater resources and higher standards, to support government in maintaining its assurance and risk management activities.
ASD will improve the training and assessment of IRAP assessors to bring a greater consistency of skills within the IRAP community.