The Act establishes mandatory security standards for smart devices; mandatory obligations on certain businesses to report ransomware and cyber extortion payments; a 'limited use’' obligation that restricts how cyber security information voluntarily provided to the National Cyber Security Coordinator can be used and disclosed; and the establishment of a Cyber Incident Review Board to conduct post-incident reviews into significant cyber security incidents. It is part of the Cyber Security Legislative Package 2024, intended to implement seven initiatives under the 2023-2030 Australian Cyber Security Strategy, which aims to address legislative gaps to bring Australia in line with international best practice and help ensure Australia is on track to become a global leader in cyber security. Legislation, Standards and Codes may be linked to one or more of the University's compliance frameworks either as the driver of the requirements, or as a component of the framework. The relevant frameworks are listed below.Cyber Security Act 2024 (Cth) - Level 1
Relevant Compliance Frameworks
Summary