Australian Government information security management protocol
The Australian Government information security management protocol specifies information security controls to be used to satisfy the information security mandatory requirements. The protocol needs to be applied in conjunction with an agency's other governance activities, strategies and business plans. The protocol, Australian Signals Directorate's Information Security Manual, standards and guidelines will inform the agency-specific information security policy and procedures.
This protocol applies to all entities applying the Protective Security Policy Framework. It covers all information assets owned by the Australian Government, or those entrusted to the Australian Government by third parties, within Australia.
This protocol covers:
- risk assessment and treatment
- agency information security policy and planning
- information security framework and external party access
- information asset classification, control and management
- operational security management
- information access controls and user management
- information systems acquisition, development and maintenance
- information security incident management
- business continuity management
The protocol is available to download below: