Security

Important mandatory requirement information

This is a Mandatory Requirement.

Relevant mandates

  • The Protective Security Policy Framework, Attorney General's Department

Given the increasing reliance on Information and Communications Technology (ICT) to deliver government services, electronic information security is an increasingly important element of the overall protective security framework for the Australian Government.

It is vital that you consider the security of your ICT systems and have policies and plans in place to ensure they are adequately protected. Even unclassified systems should be protected to make sure you maintain a reliable and accurate service.

Why must I?

The Australian Government Protective Security Policy Framework (PSPF), published by the Attorney General’s Department, outlines four core protective security policies, covering governance, personnel, physical and information security, for which Chief Executive Officers are responsible within their own government agencies. It includes 33 mandatory protective security requirements for agencies.

Information security includes the requirement to actively manage security risks associated with electronic data transmission, aggregation and storage.

What must I do?

The PSPF provides the policy framework, including prescribed mandatory requirements, to help agencies consider the security implications of their ICT systems and devise policies and plans to ensure the systems are appropriately protected.

How do I?

The PSPF refers agencies to the Australian Government Information Security Manual (ISM) published by the Defence Signals Directorate (DSD) for guidance.

The aim of the ISM is to provide a risk-managed approach to the protection of information in government ICT systems. It provides guidance to agencies on how to determine security measures for their systems, whether the services are managed by the agency or outsourced, and sets out technical measures for agencies to implement.

The ISM also provides details of other organisations that have a role in information security in government, including the National Audit Office, which undertakes regular performance audits on information security in government agencies.

Following the most recent performance audit on information security, the audit report "The protection and security of electronic information held by Australian Government agencies" was released in March 2011. It includes Better Practice examples for security awareness training, network security management and controls for system access.

Last Reviewed: 2011-05-02

 
