The Australian Cyber Security Centre (ACSC) leads its government’s efforts to monitor threats and improve cyber security for individuals and families, small and medium businesses, major organizations and vital infrastructure, and government entities. Keeping watch 24 hours a day, seven days a week, the ACSC is dedicated to helping Australia be the most secure place to thrive and connect online.
What is IRAP?
There are several programs that the ACSC administers to safeguard the country from cyber incidents. One of particular significance is the Information Security Registered Assessors Program (IRAP), a program that certifies qualified individuals to perform security assessments against the Information Security Manual (ISM), which is a comprehensive framework for information security requirements that are applied against government systems, cloud services, and cloud service providers. It is noteworthy to mention that recently announced the completion of this important assessment. Following a data center expansion to Australia last year, the Duo IRAP assessment came at an opportune time, enabling us to better serve our regulated customers in the country’s various sectors.
What was the process to complete Duo’s IRAP assessment?
According to the ACSC on their website, “Cloud computing offers a range of potential cyber security benefits for cloud consumers to leverage, providing access to advanced security technologies, shared responsibilities, fine-grained access management, comprehensive monitoring and highly redundant geographically dispersed cloud services.” To address requirements in the assessment, Duo was evaluated in multiple phases in accordance with the methodology process, which you can see in more detail in the Anatomy of a Cloud Assessment and Authorisation.
Upon the successful completion of the IRAP evaluation, a security assessment letter and the assessment report were issued. For your information, both documents are available for you, as well as Cisco customers, to view via the Trust Portal.
What security classification was Duo assessed for?
Within IRAP, and under the Australian Government Protective Security Policy Framework, there are four classifications that the ISM defines the applicability of information sensitivity and security. They are: OFFICIAL, PROTECTED, SECRET and TOP SECRET. Duo completed an assessment against the PROTECTED controls.
Given the occurrences of cyber security threats and attacks in our world’s digital ecosystem, it is imperative that countries take steps to safeguard their citizens, businesses, infrastructure and more. We are on a journey to provide secure access, mitigate security risks and empower everyone to safely and confidently connect online. Cisco remains intently committed to complying with governments’ additional security measures and assuring the delivery of a user-friendly zero-trust security platform for all users, all devices and all applications.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels