Skip to main content

The Administrative Arrangements Order of 3 August 2023 transferred responsibility for protective security policy, including the Protective Security Policy Framework, from the Attorney-General's Department to the Department of Home Affairs. These Machinery of Government (MOG) changes began on 4 August 2023.

The PSPF Reporting Portal will transfer to the Department of Home Affairs on 11 June 2024. Before 11 June 2024, all entities and users must set up new authentication credentials through VANguard. You can get more information by contacting the Government Protective Security Policy section at or the PSPF hotline on 02 5127 9999.

Structure of the Protective Security Policy Framework

The Protective Security Policy Framework (PSPF) is organised in a tiered structure of principles, outcomes, policies and guidance.

There are 5 principles that underpin the PSPF and apply to every area of security.

They are the fundamental values that represent what is desirable for all entities and guide how an entity makes decisions.

  1. Security is everyone’s responsibility. Developing and fostering a positive security culture is critical to security outcomes.
  2. Security enables the business of government. It supports the efficient and effective delivery of services.
  3. Security measures applied proportionately protect entities’ people, information and assets in line with their assessed risks.
  4. Accountable authorities own the security risks of their entity and the entity’s impact on shared risks.
  5. A cycle of action, evaluation and learning is evident in response to security incidents.

The PSPF consists of 4 outcomes that outline the desired end-state that the government wants entities to achieve.


Each entity manages security risks and supports a positive security culture in an appropriately mature manner ensuring:

  • clear lines of accountability
  • sound planning
  • investigation and response
  • assurance and review processes
  • proportionate reporting.


Each entity maintains confidentiality, integrity and availability of all official information.


Each entity ensures its employees and contractors are suitable to access Australian Government resources, and meet an appropriate standard of integrity and honesty.


Each entity provides a safe and secure physical environment for their people, information and assets.

Under the 4 outcomes are 16 policies, each of which have a core requirement.

The core requirements articulate what entities must do to achieve the government’s desired protective security outcomes.

Most core requirements also have supporting requirements. They help to create a standardised approach to implementing security across government.

Each policy includes guidance, which provides advice on how to effectively implement core and supporting requirements.





Download a copy of the PSPF on a Page for a visual representation of the PSPF structure.