(Image: Mitchell Squire/Private Media)

Two key departments have refused to implement even the most basic cybersecurity requirements and wrongly claimed to have done so, a new report from the auditor-general shows -- elevating what has been a long-running public service debacle into open defiance by bureaucrats.

As Crikey has reported for years now, few government departments or agencies has ever complied with the four basic Australian Signals Directorate (ASD) cybersecurity requirements mandated for government in 2013.

Nearly eight years later, what are called the "Top Four" basic requirements remained widely unimplemented across departments and agencies. In 2017, they were rolled into a longer list, and it was decided to stop referring to "compliance" with the requirements -- given there was no apparent need for that word -- and instead referred to "maturity".