What is the security status of arc.gov.au?

arc.gov.au has a security score of 54/100, rated as Moderate Risk. The website may have security concerns that should be addressed.

Is arc.gov.au safe to use?

Our security scan shows arc.gov.au is Moderate Risk. SSL security issues detected. Always practice safe browsing habits.

Does arc.gov.au have viruses?

Our comprehensive security scan analyzes multiple security factors. Based on the overall security score of 54/100, the website is rated as Moderate Risk. However, websites can change over time, so always use updated security software.

What is arc.gov.au's trust score?

arc.gov.au has a security score of 54/100. This score is based on multiple factors including SSL security, security headers, DNS health, and compliance checks.

Is arc.gov.au Safe? Security Analysis for Australian Research Council

https://arc.gov.au

Check if arc.gov.au is a scam or legitimate. Free security scan and reviews.

GovernmentAustraliamedium

Drupal 10GovCMSGoogle AnalyticsGoogle Tag ManagerBootstrap+1 more

Analyzed 9/7/2025Completed 3:37:12 AM

Security Score

MEDIUM RISK

AI Summary

The Australian Research Council (ARC) is a key Australian government entity responsible for administering national research funding programs and evaluating research excellence. The website serves as a comprehensive portal for researchers, universities, and government stakeholders to access funding schemes, grant management tools, and research evaluation systems. The ARC maintains a strong market position as a trusted government agency supporting research and innovation in Australia. Technically, the website is built on Drupal 10 and GovCMS, leveraging modern frameworks like Bootstrap and integrating Google Analytics and Tag Manager for analytics. The site is mobile-optimized, accessible, and professionally designed, reflecting a mature digital infrastructure consistent with government standards. Security posture is solid with HTTPS enforced, multi-factor authentication for critical systems, and a published security vulnerability disclosure policy. However, the absence of security headers and cookie consent mechanisms indicates areas for improvement in compliance and defense-in-depth. The WHOIS data is privacy protected but consistent with government domain norms, supporting legitimacy. Overall, the ARC website is a high-quality, trustworthy government resource with minor gaps in privacy compliance and security headers. Strategic enhancements in these areas would further strengthen its security posture and user trust.

Detected Technologies

Drupal 10GovCMSGoogle AnalyticsGoogle Tag ManagerBootstrapFontAwesome

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

ARC operates as a government funding agency with a focus on research excellence and impact. Its competitive advantage lies in its authoritative role in funding allocation and research evaluation across Australia. The business model is primarily government-funded, targeting academic and research institutions. The website ecosystem includes partner services like RMS, SEER, and Data Portal, enhancing its service delivery. Growth indicators include ongoing funding announcements and strategic policy publications. The ARC's operations are tightly integrated with government frameworks, ensuring stable market presence and influence.

Security Posture Analysis

Comprehensive Security Assessment

The ARC website demonstrates a mature security posture with HTTPS enforced and multi-factor authentication for sensitive systems. The presence of a security vulnerability disclosure policy indicates proactive security management. However, the lack of security headers such as Content Security Policy and HSTS reduces defense-in-depth. No exposed sensitive data or vulnerable libraries were detected. The absence of direct incident response contact emails and cookie consent mechanisms are compliance gaps. Overall, the security maturity is good but could benefit from enhanced header policies and privacy compliance measures.

Strategic Recommendations

Priority Actions for Security Improvement

Implement comprehensive security headers including CSP, HSTS, X-Frame-Options, and X-Content-Type-Options.

✨Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

Australian Research Council

Description:

The Australian Research Council (ARC) is a Commonwealth entity within the Australian Government established as an independent body supporting the research sector to produce excellent and impactful outcomes for Australia’s economic, social, environmental and cultural benefit.

Key Services:

National Competitive Grants Program administrationResearch funding schemesResearch evaluation (ERA, EI, SEER)Grant management servicesData portal and research insights

Content Quality:

excellent

Branding:

consistent

Technical Stack

Technologies:

Drupal 10GovCMSGoogle AnalyticsGoogle Tag ManagerBootstrapFontAwesome

Frameworks:

Bootstrap

Platforms:

GovCMS (Australian government hosting platform)

Performance:

moderate

Mobile:

excellent

Accessibility:

good

SEO:

good

Security Assessment

Security Score:

85/100

Best Practices:

HTTPS enforced
Multi-factor authentication for RMS and SEER systems
Security Vulnerability Disclosure Policy published
Anonymize IP in Google Analytics

Analytics & Tracking

Services:

Google AnalyticsGoogle Tag Manager

Tracking Level:moderate

Privacy Compliance:basic

Advertising & Marketing

Marketing Tools:

Monsido (accessibility and content monitoring)

Transparency Level:basic

Website Quality Assessment

Design Quality:excellent

User Experience:excellent

Content Relevance:excellent

Navigation Clarity:excellent

Professionalism:excellent

Trustworthiness:high

Key Observations

Website is a professionally maintained Australian government research funding portal.

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

0/100

Score

Analysis failed - content could not be retrieved

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

35/100

Score

No information security framework found

HIGH

NIS2 requires documented cybersecurity and information security measures

No security policy documentation found

HIGH

NIS2 requires documented cybersecurity governance and risk management

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No business continuity planning found

MEDIUM

NIS2 emphasizes operational resilience and business continuity

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

80/100

Score

Complex SPF record

LOW

Too many include statements can cause lookup limits

No BIMI Record

LOW

BIMI displays brand logos in email clients

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

SPF

Sender Policy Framework

DKIM

DomainKeys Identified Mail

DMARC

Domain-based Message Authentication

MX Records

Mail Exchange Records

BIMI

Brand Indicators

MTA-STS

Mail Transfer Agent Security

TLS-RPT

TLS Reporting

DNSSEC

DNS Security

SPF Details

Record:

v=spf1 ip4:124.47.154.30 ip4:20.92.89.246 ip4:202.158.222.220 ip4:202.158.222.230 ip4:138.44.172.6 ip4:138.44.161.98 include:mailrelay.t1cloud.com include:stspg-customer.com include:spf.protection.outlook.com include:spf.dynect.net include:spf1.govcms.gov .au include:_spf.createsend.com include:spf.mandrillapp.com -all

DNS Lookups:7/10

Policy:-all

DKIM Selectors Found

Selector:k2(1416-bit rsa)

Selector:selector2(1296-bit rsa)

DMARC Details

Policy:quarantine

Subdomain Policy:quarantine

Aggregate Reports:arc-dmarc@arc.gov.au

Forensic Reports:arc-dmarc@arc.gov.au

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

0/100

Score

Unable to retrieve SSL certificate

CRITICAL

Could not establish secure connection to retrieve certificate information

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

80/100

Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

Domain Transfer Lock Not Enabled

MEDIUM

Domain can be transferred without authorization

Domain Registration Details

Protection Level

moderateDNSSEC OFF

DNS Records

A Records:54.252.75.26, 13.236.242.190, 54.206.239.18

Name Servers:

ns1-03.azure-dns.com

ns2-03.azure-dns.net

ns3-03.azure-dns.org

ns4-03.azure-dns.info

MX Records:

5: arc-gov-au.mail.protection.outlook.com

SOA:Serial: 2005061652, TTL: 1800s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:101ms

SPF Analysis

SPF Record:

⚡Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

100/100

Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website uses a modern and robust technical stack based on Drupal 10 and GovCMS, supported by Bootstrap for responsive design. Integration with Google Analytics and Tag Manager enables effective user tracking and analytics. The site is hosted on a government platform ensuring reliability and compliance. Performance is moderate with good mobile optimization and accessibility features. Technical debt appears low with current technologies, but improvements in security headers and privacy compliance are recommended to reduce risk and enhance user trust.

Analyze Another Website

Is arc.gov.au a Scam? Security Check Results - Australian Research Council Reviews

Is arc.gov.au Safe? Security Analysis for Australian Research Council

AI Summary

Detected Technologies

🧠AI Business Intelligence

Business Intelligence

Security Posture Analysis

Strategic Recommendations

✨Observations

AI-Enhanced Website Analysis

Business Insights

Technical Stack

Security Assessment

Analytics & Tracking

Advertising & Marketing

Website Quality Assessment

Key Observations

🛡️Security Headers

Security Headers

👤GDPR Compliance

GDPR Compliance

No Cookie Policy found

No Cookie Consent Banner found

No Data Protection Officer mentioned

Privacy policy may not be GDPR compliant

GDPR Compliance Analysis

🛡️NIS2 Compliance

NIS2 Compliance

No information security framework found

No security policy documentation found

No incident response procedures found

No business continuity planning found

No security contact information

No NIS2 reference found

📧Email Security

Email Security

Complex SPF record

No BIMI Record

No MTA-STS Policy

No TLS-RPT Record

SPF Details

DKIM Selectors Found

DMARC Details

🏆SSL/TLS Security

SSL/TLS Security

Unable to retrieve SSL certificate

OCSP Status

📊DNS Health

DNS Health

DNSSEC Not Enabled

Domain Transfer Lock Not Enabled

Domain Registration Details

DNS Records

DNSSEC Status

DNS Performance

SPF Analysis

⚡Network Security

Network Security

Good Network Security Posture

🔧Technical Analysis

Technical Analysis

Additional Findings

Related Partner Domains

rms.arc.gov.au

seer.arc.gov.au

dataportal.arc.gov.au

www.grants.gov.au