24 lines
1003 B
Org Mode
24 lines
1003 B
Org Mode
:PROPERTIES:
|
|
:ID: auto-irap
|
|
:CREATED: [2026-05-23 Sat]
|
|
:END:
|
|
#+title: IRAP (Infosec Registered Assessors Program — Australia)
|
|
#+filetags: :passepartout:compliance:framework:irap:
|
|
|
|
|
|
** IRAP (Infosec Registered Assessors Program)
|
|
|
|
Australian government's cloud security assessment program — analogous to
|
|
[[file:fedramp.org][FedRAMP]]. Cloud services used by Australian government agencies must have an
|
|
IRAP assessment. Managed by the Australian Cyber Security Centre (ACSC).
|
|
Assessment levels: Protected (highest), Secret (top secret), Unclassified DLM.
|
|
|
|
Who must comply: Cloud providers selling to Australian federal, state, and
|
|
local government agencies. Also critical infrastructure providers.
|
|
|
|
Why it matters: Like FedRAMP and [[file:ismap.org][ISMAP]], IRAP is a procurement gate. An IRAP
|
|
Protected-level assessment is expensive and takes 6-12 months. First-mover
|
|
advantage: the gate stack's deterministic audit trail can be the primary
|
|
evidence artifact, reducing assessment scope/cost.
|
|
|