Skip to main content

The Administrative Arrangements Order of 3 August 2023 transferred responsibility for protective security policy, including the Protective Security Policy Framework, to the Department of Home Affairs from the Attorney-General’s Department. These Machinery of Government (MOG) changes commenced on 4 August 2023.

Policy amendment – Access to information

PSPF Policy 9: Access to Information has been amended to allow entities to disclose sensitive information to a person outside government, with additional guidance provided to help entities identify circumstances that might indicate the need to use a written agreement to protect sensitive information (see amended Requirement 1). Minor amendments also clarify the guidance on access to caveated information and the list of Australian office holders who are not required to hold a security clearance.

Go to Access to information page to read the revised policy.

Policy amendment – Safeguarding information from cyber threats

Policy 10: Safeguarding information has been amended to reflect recent changes to the Australian Government Information Management Manual (ISM) and the Essential Eight maturity model.

In particular:

  • the core requirement was amended to require entities to consider all of the strategies to mitigate cyber security incidents, while continuing to mandate the Top Four
  • we removed the supporting requirements that established specific controls to implement the Top Four, as these are specified in the ISM.

Entities are encouraged to seek technical advice from the Australian Cyber Security Centre (ACSC) and the ISM.

Go to Safeguarding information from cyber threats page to read the revised policy.