ICT & Cyber Security
Identification, protection, and remediation of security incidents on ICT systems and digital networks.
Entry Level
OFFICIAL / OFFICIAL:Sensitive5 itemsEssential Eight ML1
Implement ASD Essential Eight mitigation strategies at Maturity Level 1 across corporate ICT systems.
ICT Security Policy
Develop and maintain an ICT security policy covering acceptable use, access management and incident response.
Email Security
Implement email security controls including SPF, DKIM, DMARC and anti-phishing measures.
Endpoint Protection
Deploy endpoint protection solutions including antivirus, EDR and device encryption on all endpoints.
Backup & Recovery
Implement data backup and recovery procedures with regular testing of restoration capabilities.
Level 1
PROTECTED5 itemsEssential Eight ML2
Achieve ASD Essential Eight Maturity Level 2 across all ICT systems used for Defence correspondence.
Network Certification
Obtain network certification for systems handling PROTECTED information.
ISO 27001 Alignment
Align information security management system with ISO/IEC 27001:2022 requirements.
Vulnerability Management
Implement continuous vulnerability management program with regular scanning and patching.
Security Monitoring
Deploy security monitoring and logging across all systems with centralised log management.
Level 2
SECRET3 itemsSECRET Network
Establish and maintain a certified SECRET network with appropriate security controls and monitoring.
Essential Eight ML2+
Achieve Essential Eight Maturity Level 2 or higher with enhanced controls for SECRET systems.
Penetration Testing
Conduct regular penetration testing of networks and systems handling classified information.
Level 3
TOP SECRET2 itemsTOP SECRET Network
Establish and maintain a certified TOP SECRET network with the highest level of security controls.
Essential Eight ML3
Achieve ASD Essential Eight Maturity Level 3 across all classified systems.