Reorganize brain: projects/ top level, rename filenames, update homepage
- Moved everything from ideas/passepartout/ to projects/passepartout/ - Moved legal structures to projects/flags/ - Created missing _index.org files for all subdirectories - Stripped redundant passepartout- prefix from filenames - Rewrote root _index.org as generalized brain index (projects + concepts) - Updated Hugo nav to Projects/Concepts - Updated build script section descriptions - Deleted stale ideas/passepartout-economics.md orphan
This commit is contained in:
Hermes
24
projects/passepartout/strategy/compliance/irap.org
Normal file
24
projects/passepartout/strategy/compliance/irap.org
Normal file
@@ -0,0 +1,24 @@
|
||||
:PROPERTIES:
|
||||
:ID: 7f46764b-47b8-4892-a526-2c1b9ee6e6df
|
||||
:ID: auto-irap
|
||||
:CREATED: [2026-05-23 Sat]
|
||||
:END:
|
||||
#+title: IRAP (Infosec Registered Assessors Program — Australia)
|
||||
#+filetags: :passepartout:compliance:framework:irap:
|
||||
|
||||
|
||||
** IRAP (Infosec Registered Assessors Program)
|
||||
|
||||
Australian government's cloud security assessment program — analogous to
|
||||
[[id:e6993701-3c67-49bf-82f3-06907572cbf3][FedRAMP]]. Cloud services used by Australian government agencies must have an
|
||||
IRAP assessment. Managed by the Australian Cyber Security Centre (ACSC).
|
||||
Assessment levels: Protected (highest), Secret (top secret), Unclassified DLM.
|
||||
|
||||
Who must comply: Cloud providers selling to Australian federal, state, and
|
||||
local government agencies. Also critical infrastructure providers.
|
||||
|
||||
Why it matters: Like FedRAMP and [[id:085b76cc-4a65-4660-9c70-85aee10ca99e][ISMAP]], IRAP is a procurement gate. An IRAP
|
||||
Protected-level assessment is expensive and takes 6-12 months. First-mover
|
||||
advantage: the gate stack's deterministic audit trail can be the primary
|
||||
evidence artifact, reducing assessment scope/cost.
|
||||
|
||||
Reference in New Issue
Block a user