Australia IRAP - Information Security Registered Assessors Program
The Information Security Registered Assessors Program (IRAP) is an Australian Government initiative administered by the Australian Signals Directorate (ASD). IRAP provides a framework for assessing the implementation and effectiveness of security controls against the Australian Government Information Security Manual (ISM). IRAP assessors are endorsed by ASD to conduct security assessments for Australian Government agencies and cloud service providers seeking to host government data. Assessment against ISM controls at OFFICIAL, PROTECTED, and SECRET levels.
Get the official standard — this page is an AI-assisted companion tool, not a replacement for the authoritative text.
Visit cyber.gov.auFramework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (4)
Assessment Methodology
The four IRAP Common Assessment Framework stages.
| Code | Title |
|---|---|
| IRAP-CAF-1 | Stage 1 - Plan and prepare |
| IRAP-CAF-2 | Stage 2 - Define the assessment boundary |
| IRAP-CAF-3 | Stage 3 - Assess the controls |
| IRAP-CAF-4 | Stage 4 - Produce the IRAP assessment report |
Assessment Outcomes
Control-effectiveness determination, authorisation and continuous assurance.
| Code | Title |
|---|---|
| IRAP-OUT-1 | Control effectiveness determination |
| IRAP-OUT-2 | Authority to Operate decision support |
| IRAP-OUT-3 | Continuous monitoring and reassessment |
Evidence and Quality
Evidence quality, sampling and objectivity principles.
| Code | Title |
|---|---|
| IRAP-EV-1 | Quality of evidence |
| IRAP-EV-2 | Evidence gathering and sampling |
| IRAP-EV-3 | Objectivity of findings |
| IRAP-EV-4 | Document evidence limitations |
IRAP Assessor Program
ASD endorsement, qualifications, training and independence of IRAP assessors.
| Code | Title |
|---|---|
| IRAP-AS-1 | ASD endorsement as an IRAP assessor |
| IRAP-AS-2 | Assessor qualifications and experience |
| IRAP-AS-3 | IRAP training and examination |
| IRAP-AS-4 | Independence and conflict of interest |
| IRAP-AS-5 | Objectivity and professional conduct |
Your Compliance Coverage
If you comply with Australia IRAP - Information Security Registered Assessors Program, you already cover:
Maps to 3 other frameworks
Frequently Asked Questions
What is Australia IRAP - Information Security Registered Assessors Program?
Australia IRAP - Information Security Registered Assessors Program is a compliance framework from Australia (ASD) with 4 domains and 16 controls. The Information Security Registered Assessors Program (IRAP) is an Australian Government initiative administered by the Australian Signals Directorate (ASD). IRAP provides a framework for assessing the implementation and effectiveness of security controls against the Australian Government Information Security Manual (ISM). IRAP assessors are endorsed by ASD to conduct security assessments for Australian Government agencies and cloud service providers seeking to host government data. Assessment against ISM controls at OFFICIAL, PROTECTED, and SECRET levels. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does Australia IRAP - Information Security Registered Assessors Program have?
Australia IRAP - Information Security Registered Assessors Program has 16 controls organised across 4 domains. The largest domains are IRAP Assessor Program (5 controls), Assessment Methodology (4 controls), Evidence and Quality (4 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does Australia IRAP - Information Security Registered Assessors Program map to?
Australia IRAP - Information Security Registered Assessors Program maps to 3 other compliance frameworks. The top mapping partners are NIST SP 800-53 Rev 5 (88% coverage), Australian Information Security Manual (31% coverage), NIST Cybersecurity Framework 2.0 (13% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with Australia IRAP - Information Security Registered Assessors Program compliance?
Start your Australia IRAP - Information Security Registered Assessors Program compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Australia IRAP - Information Security Registered Assessors Program requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 16 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 700 frameworks.
Get Started Free →Free forever — no credit card required