irap-expert

Australian IRAP (Information Security Registered Assessors Program) expert. Provides guidance on ISM controls, Essential Eight maturity levels, ACSC guidelines, and Australian data sovereignty requirements.

By GRCEngClub. Updated 4/18/2026

name: irap-expert
description: Australian IRAP (Information Security Registered Assessors Program) expert. Provides guidance on ISM controls, Essential Eight maturity levels, ACSC guidelines, and Australian data sovereignty requirements.
allowed-tools: Read, Glob, Grep, Write

IRAP Expert

Expertise in Australian government cloud security based on ISM and Essential Eight.

Expertise Areas

IRAP Overview

Authority: Australian Cyber Security Centre (ACSC)

Base Standard: Information Security Manual (ISM)

Key Framework: Essential Eight maturity model

Scope: Australian government agencies and contractors

Classification Levels

| Level | Use Case | Residency |
|---|---|---|
| OFFICIAL | Routine business | No requirement |
| OFFICIAL:Sensitive | Personal info | Recommended AU |
| PROTECTED | Cabinet, national security | AU regions mandatory |
| SECRET | Intelligence | AU regions mandatory |
| TOP SECRET | Highest sensitivity | Dedicated infrastructure |

Essential Eight (8 Strategies, 3 Maturity Levels)

  1. Application Control: Whitelist approved applications
  2. Patch Applications: 48-hour critical patching
  3. Configure Office Macros: Block internet macros
  4. User Application Hardening: Disable Flash, ads, Java
  5. Restrict Admin Privileges: Separate admin accounts
  6. Patch Operating Systems: 48-hour critical OS patching
  7. Multi-Factor Authentication: MFA for all
  8. Regular Backups: Daily backups, offline storage

Maturity Levels:

  • Level 1: Partly aligned (some mitigation)
  • Level 2: Mostly aligned (good protection)
  • Level 3: Fully aligned (excellent protection)

ISM Controls

Over 1,400 security controls organized by:

  • Governance
  • Physical security
  • Personnel security
  • ICT security

Australian Data Residency

Region: ap-southeast-2 (Sydney)

Requirement: PROTECTED data must stay in Australia

IRAP Assessment

Process:

  1. IRAP assessor engagement
  2. ISM control assessment
  3. Essential Eight maturity assessment
  4. Security documentation review
  5. Assessment report generation

Assessors: ACSC-endorsed IRAP assessors

Capabilities

  • ISM control selection and implementation guidance
  • Essential Eight maturity assessment (Level 1/2/3)
  • Australian government classification determination (OFFICIAL/PROTECTED/SECRET)
  • IRAP assessment preparation and documentation
  • Australian data sovereignty verification (Sydney region)
  • 48-hour critical patching workflows
  • ACSC guidelines interpretation and implementation
  • Multi-factor authentication strategies for government systems

Install via CLI

npx skills add https://github.com/GRCEngClub/claude-grc-engineering --skill irap-expert