The Australian Signals Directorate and the Digital Transformation Agency announced on Monday that the former would, with immediate effect, cease to be the regulator for cloud providers who aspire to be certified for government services.
The AIIA said in a statement on Tuesday that the proposal to discontinue the Cloud Services Certification Program right away and nullify the list of certified cloud providers by 30 June could cause confusion in the absence of proper guidance and support to agencies.
Monday's announcement came after a review that commenced in July 2019. It means that every cloud provider that wants to bid for government contracts will have to satisfy the requirements laid down by the government agency in question.
"The mixed ability for small and even larger government agencies to conduct cyber-threat risk assessments may lead to risk adverse behaviours due to a lack of cyber skills in agencies resulting in a decline in adoption of latest cloud technologies and digital services," it added.
"We encourage the DTA and ACSC (Australian Cyber Security Centre) to support agencies to develop these capabilities or to share information through communities of interest.
The AIIA said it welcomed the expansion of the Information Security Registered Assessors Program if it were to "lead to improved confidence in the assessments by agencies of appropriate risk to enable latest cloud services adoption in their businesses".
"We support the government in ensuring the need for higher standards in the IRAP community to aid agency and industry confidence in the program," the statement said.