Essential Eight cyber security controls to be mandated for almost all federal departments and agencies

By Cameron AbbottWarwick Andersen, Rob Pulham and Jacqueline Patishman

It’s been reported that the Federal Government is planning on making implementation of the Essential Eight cyber security controls for all Commonwealth entities (excluding corporate Commonwealth entities). The Essential Eight is a baseline set of security strategies designed to minimise the risk of security incidents.  At this stage, no guidance has been provided as to the timeline for when this might happen; however, a decision as to the preferred approach is planned to be made by the end of the year.

Currently, non-corporate Commonwealth entities are only required to implement the top four of the Essential Eight, while the other four are only recommended. 

Getting these entities to make the necessary changes to successfully implement all eight of the cyber security controls is quite ambitious. It’s been reported that non-corporate Commonwealth entities are still struggling to implement the top four and that less than 3/10 of these entities self-assessed that they were compliant.

Feedback is currently being sought from the 98 non-corporate Commonwealth entities which the proposal would effect. The responses are supposed to be returned by the end of June. After considering these and the various approaches taken in other jurisdictions, a decision will be made as to the preferred approach to progress the proposal. We will keep you updated with any news on this!

Copyright © 2019, K&L Gates LLP. All Rights Reserved.