Rules Mate

Government cyber incident reporting via ASD ACSC

Federal entities + critical infrastructure report cyber incidents to ASD ACSC.

highcurrentevent driven

Who must comply

Federal agencies + critical infrastructure entities.

What triggers it

Cyber incident with potential impact.

When due

ASAP; statutory 12-72h for SOCI.

Evidence required

ASD ACSC incident report; internal investigation record.

Max penalty

Statutory requirement under SOCI for CI; PSPF compliance for agencies

Summary

Federal agencies + Commonwealth-funded entities report cyber incidents to ASD's Australian Cyber Security Centre (ACSC). Mandatory for critical infrastructure under SOCI; voluntary but expected for others. Information sharing supports national threat intelligence.

Enforced by

Source legislation

Topics

cybersociincident-reporting

Related obligations

Frequently asked questions

Who must comply with Government cyber incident reporting via ASD ACSC?
Federal agencies + critical infrastructure entities.
What triggers Government cyber incident reporting via ASD ACSC?
Cyber incident with potential impact.
When is Government cyber incident reporting via ASD ACSC due?
ASAP; statutory 12-72h for SOCI.
What is the maximum penalty for Government cyber incident reporting via ASD ACSC?
Statutory requirement under SOCI for CI; PSPF compliance for agencies
What evidence is required for Government cyber incident reporting via ASD ACSC?
ASD ACSC incident report; internal investigation record.

Source: https://www.cyber.gov.au/report. Rules Mate is not a law firm. Always verify against the live regulator source before acting.