In 2010, Stratsec, an Information Security Registered Assessor, undertook an audit of the Australian government's Department of Finance and Deregulation's online, cross-jurisdictional web portal, called GovDex. The portal, which falls under the Australian Government Information Management Office (AGIMO), is meant to help the government "facilitate integration, creation, and management between agencies and between government, business, and the community."
As with all government systems, it also needs to comply with the Australian government's Information Security Manual, which is where Stratsec comes in: to provide an independent assessment.
In particular, the assessment was meant to determine whether AGIMO and the Department of Finance could protect government information that has a classification of in-confidence (a non-national security classification that is now being phased out).
The report (PDF) has only come to light today, as part of a Freedom of Information (FOI) request made by an unknown applicant. And it shows nothing.
Of the report, almost all of it is blacked out. In fact, whoever requested the document can only speculate that something wasn't quite right, given the number of columns that are shaded red or orange.
GovDex is due for an overhaul, which doesn't appear to be for any outstanding security issues.
The system shares confidential documents and information, and has been set up to service users who are not necessarily tech savvy.