Identity security built for the sensitivity of government.
We are Canberra-based, 100% Australian-owned, and have delivered identity and privilege programmes across federal and state government. We understand how identity controls map to your regulatory obligations and procurement environment.
increase in ASD cyber threat notifications to critical infrastructure entities in FY2024–25 — with over 190 notifications of potential malicious activity, up from the previous year.
Annual Cyber Threat Report 2024–25 // Australian Signals Directorate (ASD)
Built for government delivery.
We are not a general-purpose systems integrator. Identity and privilege is all we do, and we do it in the Australian government context.
Canberra-based
We work alongside your team in the capital. Our Canberra presence means we can embed with your team, attend meetings on short notice, and engage with your procurement and security teams directly.
100% Australian-owned
Sovereign delivery means no offshore processing of your data or designs. For agencies handling OFFICIAL:Sensitive and above, this is not optional. Every engagement is delivered by Australian citizens, in Australia.
Government procurement experience
We understand government procurement and are available through Azure Marketplace and other procurement vehicles. Contact us to discuss which arrangements suit your agency.
Government compliance frameworks
We understand government compliance frameworks — we design solutions fit for Government. Identity and access management sits at the centre of most government security assessments, and we help agencies design and document controls that satisfy assessors.
The identity challenges unique to government.
Government environments present a specific combination of security obligations, workforce complexity, and procurement constraints that commercial identity programmes do not address.
- Essential Eight compliance, particularly Restrict Administrative Privileges (ML1-ML3) and Multi-Factor Authentication
- IRAP assessment readiness: identity and access controls are a major focus area for assessors
- ISM (Information Security Manual) controls for access management and privileged account governance
- Machinery of Government (MoG) changes: rapid account migration and organisational restructuring
- Large contractor and vendor populations requiring managed privileged access to sensitive systems
- Multi-agency federation and cross-agency collaboration patterns requiring federated identity
- Separation of duties across ministerial, operational, and administrative roles
- Classification-aware access controls for OFFICIAL:Sensitive and above
What we deliver for government.
These are the engagements we most frequently deliver for federal and state government agencies.
Privileged Access Management
Privileged access management for critical government systems. Credential vaulting, just-in-time access, and session recording aligned to Essential Eight Restrict Administrative Privileges. Learn more
Identity Observability
Continuous visibility across your identity estate via Apporetum, our identity observability platform. Surface anomalies, stale access, and privilege creep before an assessor does. Learn more
Identity Maturity Assessment
Establish your Essential Eight identity baseline. We assess your current controls against ML1-ML3 requirements and produce a prioritised remediation roadmap. Learn more
Zero Trust Readiness
ACSC Zero Trust alignment for your agency. We assess your current architecture against ACSC guidance and identify the identity and access controls required to advance your maturity. Learn more
Architecture Advisory
Entra ID architecture for government environments. Tenant design, conditional access policy frameworks, and identity governance for complex multi-agency environments. Learn more
Identity and PAM map directly to three Essential Eight strategies.
Restrict Administrative Privileges
PAM controls, just-in-time access, and privileged account lifecycle management. The ACSC maturity model defines specific requirements at ML1, ML2, and ML3. We map your current controls and close the gaps.
Multi-Factor Authentication
MFA for all users, with particular attention to privileged accounts and internet-facing systems. Phishing-resistant MFA (passkeys, certificate-based) for higher assurance requirements.
Identity Governance
Regular access reviews, leaver processing, and entitlement lifecycle management underpin compliance with both Essential Eight and ISM requirements for access management.
The ACSC's guidance and maturity model define specific requirements at each level. We map your current controls against these requirements and deliver the engineering to close gaps. We have done this across multiple federal agencies.
Government IAM questions.
Available on BuyICT Panel.
Modern 42 is available through the BuyICT Panel arrangements in the Cyber Security category. If your agency procures through BuyICT, we can engage directly under these arrangements. Contact us to discuss how this applies to your procurement requirements.
100% Australian-owned. 100% Australian-delivered.
Every Modern 42 engagement is delivered by Australian citizens holding active AGSVA security clearances. Your identity architecture, your configuration, your data — all handled locally, with no offshore involvement at any stage.
Other sectors we work in.
Talk to our government team.
Are you concerned about the effectiveness of your current IAM and PAM tools or processes, addressing an audit finding or replacing legacy tooling such as MIM?