Commonwealth Consolidated Acts Commonwealth Consolidated Acts(1) A vulnerability assessment is an assessment:
(a) that relates to a system of national significance; and
(b) that either:
(i) relates to all types of cyber security incidents; or
(ii) relates to one or more specified types of cyber security incidents; and
(c) if the assessment relates to all types of cyber security incidents--the purpose of which is to test the vulnerability of the system to all types of cyber security incidents; and
(d) if the assessment relates to one or more specified types of cyber security incidents--the purpose of which is to test the vulnerability of the system to those types of cyber security incidents; and
(e) that complies with such requirements (if any) as are specified in the rules.
(2) Requirements specified under paragraph (1)(e):
(a) may be of general application; or
(b) may relate to one or more specified systems of national significance; or
(c) may relate to one or more specified types of cyber security incidents.
Note: For specification by class, see subsection 13(3) of the Legislation Act 2003 .
(3) Subsection (2) of this section does not, by implication, limit subsection 33(3A) of the Acts Interpretation Act 1901 .