Australian Government - Attorney-General's Department

Security Policy

Achieving a Just and Secure Society

Skip breadcrumbHome » Information Security » Australian Government information security management protocol

Australian Government information security management protocol

The Australian Government information security management protocol specifies information security controls to be used to satisfy the information security mandatory requirements. The protocol needs to be applied in conjunction with an agency's other governance activities, strategies and business plans. The protocol, Australian Signals Directorate's Information Security Manual, standards and guidelines will inform the agency-specific information security policy and procedures.

This protocol applies to all entities applying the Protective Security Policy Framework. It covers all information assets owned by the Australian Government, or those entrusted to the Australian Government by third parties, within Australia.

This protocol covers:

  • risk assessment and treatment
  • agency information security policy and planning
  • information security framework and external party access
  • information asset classification, control and management
  • operational security management
  • information access controls and user management
  • information systems acquisition, development and maintenance
  • information security incident management
  • business continuity management
  • compliance.

The protocol is available to download below:

Featured Links