0a8e77e949
- Moved everything from ideas/passepartout/ to projects/passepartout/ - Moved legal structures to projects/flags/ - Created missing _index.org files for all subdirectories - Stripped redundant passepartout- prefix from filenames - Rewrote root _index.org as generalized brain index (projects + concepts) - Updated Hugo nav to Projects/Concepts - Updated build script section descriptions - Deleted stale ideas/passepartout-economics.md orphan
1.1 KiB
1.1 KiB
IRAP (Infosec Registered Assessors Program — Australia)
IRAP (Infosec Registered Assessors Program)
Australian government's cloud security assessment program — analogous to FedRAMP. Cloud services used by Australian government agencies must have an IRAP assessment. Managed by the Australian Cyber Security Centre (ACSC). Assessment levels: Protected (highest), Secret (top secret), Unclassified DLM.
Who must comply: Cloud providers selling to Australian federal, state, and local government agencies. Also critical infrastructure providers.
Why it matters: Like FedRAMP and ISMAP, IRAP is a procurement gate. An IRAP Protected-level assessment is expensive and takes 6-12 months. First-mover advantage: the gate stack's deterministic audit trail can be the primary evidence artifact, reducing assessment scope/cost.