Skip to main content


Under the PSPF, all non-corporate Commonwealth entities must report to their portfolio minister and the Attorney-General's Department each financial year on security.

Entities report on their level of maturity against:

  • the desired 4 protective security outcomes (security governance, information, personnel and physical security)
  • the 16 core requirements that articulate what entities must do to achieve the 4 protective security outcomes.

These reports assure government that entities continue to implement sound and responsible protective security practices, and identify and mitigate security risks and vulnerabilities.

Online reporting portal

The PSPF reporting portal allows Commonwealth entities to:

  • complete and submit their annual security maturity self‑assessment online
  • access benchmarking reports at the conclusion of the submission period
  • in future years, access assessments and reports from previous reporting periods.

Read our PSPF reporting portal – quick start guide for help getting started.

Whole-of-government assessment reporting

All non-corporate Commonwealth entities submitted a PSPF maturity report for the 2019–20 reporting period. In addition, 5 corporate Commonwealth entities voluntarily submitted maturity reports.

Read the PSPF 2019-20 whole-of-government maturity report

Compliance reporting under the previous PSPF

Before 30 September 2018, the PSPF was a compliance framework. This meant that each year non-corporate Commonwealth entities had to self-assess their PSPF compliance and report on their security posture and measures taken to address identified key risks. 

The consolidated PSPF compliance reports provide an overview of the implementation of the 36 mandatory requirements for that period. 

Visit our Publications library to read these compliance reports.