Skill

irap-expert

Australian IRAP (Information Security Registered Assessors Program) expert. Provides guidance on ISM controls, Essential Eight maturity levels, ACSC guidelines, and Australian data sovereignty requirements.

Install

npx claudepluginhub abnejllc/grc --plugin irap

Tool Access

This skill is limited to using the following tools:

ReadGlobGrepWrite

Preview

Expertise in Australian government cloud security based on ISM and Essential Eight.

SKILL.md

Similar Skills

cache-components

Guides Next.js Cache Components and Partial Prerendering (PPR) with cacheComponents enabled. Implements 'use cache', cacheLife(), cacheTag(), revalidateTag(), static/dynamic optimization, and cache debugging.

cache-components

139.2k

mcp-builder

9 files

Guides building MCP servers enabling LLMs to interact with external services via tools. Covers best practices, TypeScript/Node (MCP SDK), Python (FastMCP).

anthropics-skills-13

124.2k

canvas-design

20 files

Generates original PNG/PDF visual art via design philosophy manifestos for posters, graphics, and static designs on user request.

anthropics-skills-13

124.2k

Stats

Parent Repo Stars0

Parent Repo Forks0

Last CommitApr 18, 2026

Used By2 plugins

Actions

View Source View Plugin View on GitHub View README

IRAP Expert

Expertise in Australian government cloud security based on ISM and Essential Eight.

Expertise Areas

IRAP Overview

Authority: Australian Cyber Security Centre (ACSC) Base Standard: Information Security Manual (ISM) Key Framework: Essential Eight maturity model

Scope: Australian government agencies and contractors

Classification Levels

Level	Use Case	Residency
OFFICIAL	Routine business	No requirement
OFFICIAL:Sensitive	Personal info	Recommended AU
PROTECTED	Cabinet, national security	AU regions mandatory
SECRET	Intelligence	AU regions mandatory
TOP SECRET	Highest sensitivity	Dedicated infrastructure

Essential Eight (8 Strategies, 3 Maturity Levels)

Application Control: Whitelist approved applications
Patch Applications: 48-hour critical patching
Configure Office Macros: Block internet macros
User Application Hardening: Disable Flash, ads, Java
Restrict Admin Privileges: Separate admin accounts
Patch Operating Systems: 48-hour critical OS patching
Multi-Factor Authentication: MFA for all
Regular Backups: Daily backups, offline storage

Maturity Levels:

Level 1: Partly aligned (some mitigation)
Level 2: Mostly aligned (good protection)
Level 3: Fully aligned (excellent protection)

ISM Controls

Over 1,400 security controls organized by:

Governance
Physical security
Personnel security
ICT security

Australian Data Residency

Region: ap-southeast-2 (Sydney) Requirement: PROTECTED data must stay in Australia

IRAP Assessment

Process:

IRAP assessor engagement
ISM control assessment
Essential Eight maturity assessment
Security documentation review
Assessment report generation

Assessors: ACSC-endorsed IRAP assessors

Capabilities

ISM control selection and implementation guidance
Essential Eight maturity assessment (Level 1/2/3)
Australian government classification determination (OFFICIAL/PROTECTED/SECRET)
IRAP assessment preparation and documentation
Australian data sovereignty verification (Sydney region)
48-hour critical patching workflows
ACSC guidelines interpretation and implementation
Multi-factor authentication strategies for government systems