List of Recommendations

Recommendation 1

2.9

The Committee recommends that the Australian Taxation Office and Department of Immigration and Border Protection report back to the Committee on their progress to achieving full compliance with the Top Four mitigation strategies by June 2018, including advice as to barriers and timelines to complete outstanding actions.

Recommendation 2

2.12

The Committee recommends that the Australian Government mandate the Australian Signals Directorate’s Essential Eight cybersecurity strategies for all Public Governance, Performance and Accountability Act 2013 entities, by June 2018.

Recommendation 3

2.14

The Committee recommends that the Australian Taxation Office and Department of Immigration and Border Protection report back to the Committee on their progress in implementing ANAO Recommendation 1, including advice as to barriers and timelines to complete outstanding actions.

Recommendation 4

2.16

The Committee recommends that the Auditor-General consider conducting an audit of the effectiveness of the self-assessment and reporting regime under the Protected Security Policy Framework.

Recommendation 5

2.19

The Committee recommends that the Attorney-General’s Department and the Australian Signals Directorate report annually on the Commonwealth’s cybersecurity posture to the Parliament, such as through the Parliamentary Joint Committee on Intelligence and Security.

Recommendation 6

3.6

The Committee recommends that in future audits on cybersecurity compliance, the ANAO outline the behaviours and practices it would expect in a cyber resilient entity, and assess against these.

Recommendation 7

3.8

The Committee recommends that the Australian Taxation Office and Department of Immigration and Border Protection report back to the Committee on their progress in implementing ANAO Recommendation 2, including advice as to barriers and timelines to complete outstanding actions.

Recommendation 8

3.10

The Committee recommends that by June 2018, the Australian Government make the annual ASD survey mandatory for all Public Governance, Performance and Accountability Act 2013 entities to complete.

Recommendation 9

3.13

The Committee recommends the Australian Government make the Internet Gateway Reduction Program mandatory for all Public Governance, Performance and Accountability Act 2013 entities.

Recommendation 10

3.15

The Committee recommends that the Digital Transformation Agency report back to the Committee on the review of the Internet Gateway Reduction Program, including:

a progress report on the review by December 2017

outcomes of the review and associated key actions and corresponding timelines by April 2018.

| Contents |