Publications library

The Protective Security Policy Framework 2019–20 Assessment Report is the second report using the 4-level security maturity model to measure implementation of the PSPF requirements.

All non-corporate Commonwealth entities submitted a PSPF maturity report for the 2018–19 reporting period.

All non-corporate Commonwealth entities submitted a PSPF compliance report for the 2017–18 reporting period

The PSPF reporting portal quick start guide provides an overview of how to access the PSPF online reporting portal and the annual assessment process.

This policy outlines the role and responsibilities of an accountable authority. They are responsible for and have control over the entity’s operations.

This policy details the management structures and responsibilities that provide a governance base for entities to make security decisions that will protect their people, information and assets.

This policy describes how to establish effective security planning, embed security into risk management practices and use security planning risk management to assist decision-making.

This policy describes how an entity monitors and assesses the maturity of their security risk culture and their ability to actively respond to emerging threats and changes in their security environment, while protecting their people, information and assets.

Entities must undertake an annual assessment of the maturity of their security capability and how they are implementing the PSPF core and supporting requirements. This policy sets out how to report and what information entities must include.

This policy guides how to assess and manage security risks when procuring goods and services. It supports the Commonwealth Procurement Rules that govern how entities procure goods and services.