SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Secure cloud with shields digital security icons over australian map
#
Data Protection
#
Digital Transformation
#
Encryption

CyberArk achieves Protected IRAP assessment for Australian cloud security

Wed, 6th Aug 2025
Author image
By Melvin Hipolito, Editor

CyberArk has completed the InfoSec Registered Assessors Program (IRAP) assessment at the "Protected" information classification level in Australia for its cloud-based security solutions.

The IRAP framework, managed by the Australian Signals Directorate (ASD), provides a standard for assessing how well a system's security controls align with the Australian Government Information Security Manual (ISM). Successful completion of this assessment is vital for technology providers aiming to support federal, state, and local government agencies in Australia, particularly for processing, storing, and transmitting sensitive data classified as "Protected."

CyberArk's Endpoint Privilege Manager and Workforce Identity platforms were the technologies assessed under IRAP. With completion at the Protected level, public sector bodies can be assured that these products conform to national requirements for safeguarding critical infrastructure and government assets.

Assurance for public sector

Compliance with the Protected level of IRAP requirements is viewed as essential for government agencies and critical infrastructure organisations, as data classified at this level typically concerns national interests, law enforcement, or sensitive personal information. Providers that meet this standard demonstrate the capability to support government clients moving towards digital and cloud solutions while maintaining strict controls and oversight.

"Evolving state-sponsored threats demand the highest levels of security for Australia's public sector organisations and critical infrastructure. As government agencies move to modernise operations and embrace cloud-first strategies, identity security must be a top priority. Completing the IRAP assessment assures that CyberArk's SaaS offerings meet stringent national standards and are well-equipped to protect Australia's most sensitive assets from identity-centric attacks."

This perspective was outlined by Peretz Regev, Chief Product & Technology Officer at CyberArk.

Security controls and industry alignment

The IRAP program's evaluation covered CyberArk's processes for security control implementation, operation, and ongoing effectiveness as mandated by the ISM. These measures include privileged access control, data encryption, threat monitoring, and incident response capabilities.

CyberArk states that its Identity Security Platform, along with Endpoint Privilege Manager and Workforce Identity, utilises intelligent privilege management to oversee both human and machine identities. The platform features continuous threat detection and prevention throughout the identity lifecycle.

According to CyberArk, organisations adopting these services are able to reduce security and operational risk. Covered controls are in place for the auditing and management of access to resources across government departments and critical services, supporting secure adoption of cloud-first technologies.

Global and local requirements

Beyond the IRAP Protected assessment, CyberArk highlights compliance with several global standards, including FedRAMP High and SOC 2/3, aiming to assure customers of its alignment with international norms for security and privacy.

The assessment provides additional confidence to government and large enterprise customers in Australia, seeking cloud solutions that meet strict national standards as required for protecting sensitive and critical information.

Managing emerging threats

With the increasing frequency of targeted attacks and heightened interest from state-sponsored threat actors, identity and access management have become central focuses for public sector cybersecurity strategies. The assurance from IRAP Protected enables government departments and agencies to proceed with digital transformation plans, confident in the suitability and security posture of the chosen technology provider.

CyberArk's completion of the IRAP assessment at the Protected level follows ongoing efforts within the Australian government to modernise security controls and improve alignment with best practices for digital infrastructure resilience and risk management.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Time to call up AI reinforcements in the cyber wars
Fujitsu appoints Kendy Hau to lead Defence for Oceania region
Macquarie Telecom & Fortinet launch unified secure network solution
Infotrust debuts on ASX, unifying cyber & IT services focus
2026 trends: AI’s impact on advertising strategy and execution

Top stories

LexisNexis launches enhanced IDVerse with deepfake detection
Aisuru botnet drives record surge in DDoS attacks worldwide
Abnormal AI named a leader again in 2025 Gartner email security
Gallagher Security wins OSPA for High Sec C7000 controller
Ransomware tactics shift as manufacturing faces data theft surge