The Protective Security Policy Framework
The Protective Security Policy Framework (PSPF) has been developed to assist Australian Government entities to protect their people, information and assets, at home and overseas.
The PSPF articulates government protective security policy. It also provides guidance to entities to support the effective implementation of the policy across the areas of security governance, personnel security, physical security and information security.
In 2018, the Attorney-General reissued the Directive on the Security of Government Business to reflect the new PSPF. The directive articulates the government's requirements for protective security to be a business enabler that supports entities to work together securely, in an environment of trust and confidence. The directive establishes the PSPF as a policy of the Australian Government, which non-corporate Commonwealth entities are required to apply as it relates to their risk environment. The PSPF represents better practice for corporate Commonwealth entities and wholly-owned Commonwealth companies.
The PSPF is applied through a security risk management approach, with a focus on fostering a positive culture of security within the entity and across the government.
The PSPF consists of:
- Five principles that apply to every area of security. These are fundamental values that represent what is desirable for all entities – security principles guide decision making.
- Four outcomes that outline the desired end-state results the government aims to achieve. Desired protective security outcomes relate to security governance, as well as information, personnel and physical security
- Sixteen core requirements that articulate what entities must do to achieve the government's desired protective security outcomes.
- Most core requirementshave a number of supporting requirements that are intended to facilitate a standardised approach to implementing security across government.
- Guidance that provides advice on how PSPF requirements can be delivered.