Australian Government - Attorney-General's Department

Protective Security Policy Framework

Skip breadcrumbHome

The Protective Security Policy Framework

The Protective Security Policy Framework (PSPF) has been developed to assist Australian Government entities to protect their people, information and assets, at home and overseas.

The PSPF articulates government protective security policy. It also provides guidance to entities to support the effective implementation of the policy across the areas of security governance, personnel security, physical security and information security.

In 2018, the Attorney-General reissued the Directive on the Security of Government Business to reflect the new PSPF. The directive articulates the government's requirements for protective security to be a business enabler that supports entities to work together securely, in an environment of trust and confidence. The directive establishes the PSPF as a policy of the government, which non-corporate Commonwealth entities are required to apply as it relates to their risk environment.

The PSPF represents better practice for corporate Commonwealth entities and wholly-owned Commonwealth companies.

The PSPF is applied through a security risk management approach, with a focus on fostering a positive culture of security within the entity and across the government.

The PSPF consists of:

  • Five principles that apply to every area of security. These are fundamental values that represent what is desirable for all entities – security principles guide decision making.
  • Four outcomes that outline the desired end-state results the government aims to achieve. Desired protective security outcomes relate to security governance, as well as information, personnel and physical security
  • Sixteen core requirements that articulate what entities must do to achieve the government's desired protective security outcomes.
    • Most core requirements have a number of supporting requirements that are intended to facilitate a standardised approach to implementing security across government.
  • Guidance that provides advice on how PSPF requirements can be delivered.

Governance

GOVERNANCE

Each entity manages security risks and supports a positive security culture in an appropriately mature manner ensuring: clear lines of accountibility, sound planning, investigation and response, assurance and review processes, and proportionate reporting.

Read more...

Personnel

PERSONNEL SECURITY

Each entity ensures its employees and contractors are suitable to access Australian Government resources, and meet an appropriate standard of integrity and honesty.

Read more...

Information

INFORMATION SECURITY

Each entity maintains the confidentiality, integrity and availability of all official information.

Read more...

Physical

PHYSICAL SECURITY

Each entity provides a safe and secure physical environment for their people, information and assets.

Read more...

​​
​​​​​​​​​​​​​​​​​​​​​​​