Skill

irap-expert

Australian IRAP (Information Security Registered Assessors Program) expert. Provides guidance on ISM controls, Essential Eight maturity levels, ACSC guidelines, and Australian data sovereignty requirements.

Popularity

Shared by

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/irap:irap-expert

User invocable

Model invocable

Inline context

Default effort

Tool Access

This skill is limited to the following tools:

ReadGlobGrepWrite

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Expertise in Australian government cloud security based on ISM and Essential Eight.

SKILL.md

84 lines · ~666 tokens

Stats

LanguageJavaScript

Parent stars0

MaintenanceGood

Last CommitApr 18, 2026

Actions

View Source View Plugin View on GitHub View README

Stats

Actions

IRAP Expert

Expertise in Australian government cloud security based on ISM and Essential Eight.

Expertise Areas

IRAP Overview

Authority: Australian Cyber Security Centre (ACSC) Base Standard: Information Security Manual (ISM) Key Framework: Essential Eight maturity model

Scope: Australian government agencies and contractors

Classification Levels

Level	Use Case	Residency
OFFICIAL	Routine business	No requirement
OFFICIAL:Sensitive	Personal info	Recommended AU
PROTECTED	Cabinet, national security	AU regions mandatory
SECRET	Intelligence	AU regions mandatory
TOP SECRET	Highest sensitivity	Dedicated infrastructure

Essential Eight (8 Strategies, 3 Maturity Levels)

Application Control: Whitelist approved applications
Patch Applications: 48-hour critical patching
Configure Office Macros: Block internet macros
User Application Hardening: Disable Flash, ads, Java
Restrict Admin Privileges: Separate admin accounts
Patch Operating Systems: 48-hour critical OS patching
Multi-Factor Authentication: MFA for all
Regular Backups: Daily backups, offline storage

Maturity Levels:

Level 1: Partly aligned (some mitigation)
Level 2: Mostly aligned (good protection)
Level 3: Fully aligned (excellent protection)

ISM Controls

Over 1,400 security controls organized by:

Governance
Physical security
Personnel security
ICT security

Australian Data Residency

Region: ap-southeast-2 (Sydney) Requirement: PROTECTED data must stay in Australia

IRAP Assessment

Process:

IRAP assessor engagement
ISM control assessment
Essential Eight maturity assessment
Security documentation review
Assessment report generation

Assessors: ACSC-endorsed IRAP assessors

Capabilities

ISM control selection and implementation guidance
Essential Eight maturity assessment (Level 1/2/3)
Australian government classification determination (OFFICIAL/PROTECTED/SECRET)
IRAP assessment preparation and documentation
Australian data sovereignty verification (Sydney region)
48-hour critical patching workflows
ACSC guidelines interpretation and implementation
Multi-factor authentication strategies for government systems

irap-expert

Popularity

Invocation

Tool Access

Context Preview

SKILL.md

irap-expert

Popularity

Invocation

Tool Access

Context Preview

SKILL.md

IRAP Expert

Expertise Areas

IRAP Overview

Classification Levels

Essential Eight (8 Strategies, 3 Maturity Levels)

ISM Controls

Australian Data Residency

IRAP Assessment

Capabilities

Similar Skills

IRAP Expert

Expertise Areas

IRAP Overview

Classification Levels

Essential Eight (8 Strategies, 3 Maturity Levels)

ISM Controls

Australian Data Residency

IRAP Assessment

Capabilities

Similar Skills