Skill

irap-expert

Provides guidance on Australian IRAP assessments, ISM controls, Essential Eight maturity levels, ACSC guidelines, and data sovereignty for government cloud services.

security

Install

npx claudepluginhub grcengclub/claude-grc-engineering --plugin irap

Tool Access

This skill is limited to using the following tools:

ReadGlobGrepWrite

Preview

Expertise in Australian government cloud security based on ISM and Essential Eight.

SKILL.md

Similar Skills

cache-components

Guides Next.js Cache Components and Partial Prerendering (PPR) with cacheComponents enabled. Implements 'use cache', cacheLife(), cacheTag(), revalidateTag(), static/dynamic optimization, and cache debugging.

cache-components

139.0k

claude-opus-4-5-migration

2 files

Migrates code, prompts, and API calls from Claude Sonnet 4.0/4.5 or Opus 4.1 to Opus 4.5, updating model strings on Anthropic, AWS, GCP, Azure platforms.

claude-opus-4-5-migration

83.2k

bmad-editorial-review-prose

Reviews prose for communication issues impeding comprehension, outputs minimal fixes in a three-column table per Microsoft Writing Style Guide. Useful for 'review prose' or 'improve prose' requests.

bmad-pro-skills

43.8k

Stats

Parent Repo Stars21

Parent Repo Forks4

Last CommitApr 13, 2026

Actions

View Source View Plugin View on GitHub View README

IRAP Expert

Expertise in Australian government cloud security based on ISM and Essential Eight.

Expertise Areas

IRAP Overview

Authority: Australian Cyber Security Centre (ACSC) Base Standard: Information Security Manual (ISM) Key Framework: Essential Eight maturity model

Scope: Australian government agencies and contractors

Classification Levels

Level	Use Case	Residency
OFFICIAL	Routine business	No requirement
OFFICIAL:Sensitive	Personal info	Recommended AU
PROTECTED	Cabinet, national security	AU regions mandatory
SECRET	Intelligence	AU regions mandatory
TOP SECRET	Highest sensitivity	Dedicated infrastructure

Essential Eight (8 Strategies, 3 Maturity Levels)

Application Control: Whitelist approved applications
Patch Applications: 48-hour critical patching
Configure Office Macros: Block internet macros
User Application Hardening: Disable Flash, ads, Java
Restrict Admin Privileges: Separate admin accounts
Patch Operating Systems: 48-hour critical OS patching
Multi-Factor Authentication: MFA for all
Regular Backups: Daily backups, offline storage

Maturity Levels:

Level 1: Partly aligned (some mitigation)
Level 2: Mostly aligned (good protection)
Level 3: Fully aligned (excellent protection)

ISM Controls

Over 1,400 security controls organized by:

Governance
Physical security
Personnel security
ICT security

Australian Data Residency

Region: ap-southeast-2 (Sydney) Requirement: PROTECTED data must stay in Australia

IRAP Assessment

Process:

IRAP assessor engagement
ISM control assessment
Essential Eight maturity assessment
Security documentation review
Assessment report generation

Assessors: ACSC-endorsed IRAP assessors

Capabilities

ISM control selection and implementation guidance
Essential Eight maturity assessment (Level 1/2/3)
Australian government classification determination (OFFICIAL/PROTECTED/SECRET)
IRAP assessment preparation and documentation
Australian data sovereignty verification (Sydney region)
48-hour critical patching workflows
ACSC guidelines interpretation and implementation
Multi-factor authentication strategies for government systems