Skip to main content

The Administrative Arrangements Order of 3 August 2023 transferred responsibility for protective security policy, including the Protective Security Policy Framework, from the Attorney-General’s Department to the Department of Home Affairs. These Machinery of Government (MOG) changes began on 4 August 2023.

The PSPF Reporting Portal will transfer to the Department of Home Affairs on 24 May 2024. Before 24 May 2024, all entities and users must set up new authentication credentials through VANguard. You can get more information by contacting the Government Protective Security Policy section at or the PSPF hotline on 02 5127 9999.

Australian Government and international resources

There are a small number of Australian Government entities that provide information, services and advice that will help entities to implement the PSPF.

These include:

  • Australian Security Intelligence Organisation
  • Australian Cyber Security Centre
  • Commonwealth Fraud Prevention Centre
  • Australian Public Service Commission
  • Department of Finance.

Australian Government protective security resources

The Protective Security Policy team in the Attorney-General's Department manages the protective security policy community on GovTEAMS. This online community provides a forum for Australian Government protective security practitioners and policy makers to share information and best practice. The site has an extensive publications library with information, designated for limited distribution, to facilitate implementing the PSPF.

Access to the GovTEAMS community is only available to government personnel. To request access, complete the website’s 'Contact us' form.


ASIO Outreach is the principal interface between the Australian Security Intelligence Organisation (ASIO) and government and industry stakeholders. It provides information in a variety of ways, including:

  • a subscriber-controlled website
  • ASIO-hosted briefings
  • face-to-face engagement
  • joint government and industry forums.

These mechanisms aim to provide risk management government and industry decision-makers with the most current security intelligence and protective security advice.

This assists them to:

  • recognise and respond to national security threats
  • develop appropriate risk mitigation strategies
  • provide informed briefings to executives and staff.

The ASIO Outreach website contains intelligence-backed reporting on the domestic and international security environment, drawn from ASIO's information holdings and expertise (including the multi-agency National Threat Assessment Centre, ASIO's protective security area (T4) and the Counter-Espionage and Interference Division) and some foreign intelligence partner agency reports.

Access to the website is free. To subscribe, visit the ASIO Outreach website.

The Australian Cyber Security Centre ACSC) is the Australian Government's lead on national cyber security. It brings together cyber security capabilities from across the Australian Government to improve the cyber resilience of the Australian community and support the economic and social prosperity of Australia in the digital age.

It is responsible for policy guidance, specialised information security training and professional forums supporting government information security. Visit the ACSC website for information security resources, including the Strategies to Mitigate Cyber Security Incidents and the Australian Government Information Security Manual.

Through the Australian Cyber Security Centre, the Australian Signals Directorate  provides cyber security advice and assistance to Australian governments, businesses and individuals. The Intelligence Services Act 2001 establishes the Australian Signals Directorate as the Commonwealth authority on the security of information.

The Security Construction and Equipment Committee is a standing inter-departmental committee responsible for the evaluation of security equipment for use by Australian Government departments and agencies. SCEC is also responsible for the SCEC Security Zone Consultant scheme, SCEC Approved Locksmith scheme, and SCEC endorsed Courier scheme. SCEC's equipment evaluation program and consultant, locksmith and courier schemes are managed by ASIO's T4 Protective Security.

The Office of the Australian Information Commissioner's 3 primary functions – privacy, freedom of information and government information policy – are all relevant to implementing the PSPF. Their website includes information about the Australian Privacy Principles and the Notifiable Data Breaches scheme.

The Australian Public Service Commission provides advice and resources on a range of matters relating to the Australian Public Service and public sector workforce management. Its purpose is to position the APS workforce for the future, by shaping the APS workforce, modernising the employment framework, building workforce capability, and promoting integrity. The APSC has published Handling Misconduct: a human resource manager's guide to help APS agencies and employees understand misconduct processes in the Australian Public Service.

The Commonwealth Fraud Prevention Centre is part of the Attorney-General's Department. It is responsible for coordinating fraud control policy. Fraud against the Commonwealth is a serious matter for all Australian Government departments and agencies, and the community. It prevents taxpayer dollars from reaching intended targets and affects the government's ability to deliver key services.

The Commonwealth Fraud Control Framework outlines the Australian Government's requirements for fraud control. One of these is that government entities must put in place a comprehensive fraud control program that covers prevention, detection, investigation and reporting strategies.

The Commonwealth has controls in place to protect Australian Government systems and the data they hold. The whole-of-Government Hosting Strategy is a key policy outlining the requirement for all data to be hosted with an appropriate level of privacy, sovereignty, and security controls.

Secure gateway services are imperative. The Australian Cyber Security Centre publishes a Gateway Security Guidance Package to provide Commonwealth entities with advice in establishing security protections at the network perimeter.

The Secure Cloud Strategy supports Commonwealth entities to maximise the benefits of using cloud services. The Cloud Strategy is intended as a starting point for entities to develop their own value case, workforce plan, best-fit cloud model, and service readiness assessment.

Reports, audits and inquiries

The Australian National Audit Office), as well as some parliamentary committees and Australian Government entities, conduct audits and inquiries, and produce reports with findings relevant to protective security.

The ANAO's annual work program often includes performance audits on the implementation of protective security policy in selected government agencies. Reports of past audits are available on the ANAO website, which can be searched by key words, sector or year. Recent performance audit reports that are relevant to the implementation of the PSPF include:

Check the ANAO's annual work program for information on upcoming performance audits.

The Joint Committee of Public Accounts and Audit (JCPAA) examines all Auditor-General reports that are tabled in each House of the Parliament. This includes performance audit reports. Find out more about the role of the JCPAA on the Parliament of Australia website.

International resources

Our international partners have a range of resources that may be useful for entities implementing the PSPF. This list is not exhaustive – if you use other international resources please contact us and provide details so that we can keep this list up to date.

Treasury Board of Canada Secretariat

The Treasury Board of Canada Secretariat is responsible for Canadian protective security policies, directives, standards and guidelines.

Royal Canadian Mounted Police

The Royal Canadian Mounted Police provide policy and practical advice to Canadian agencies on physical security.

The New Zealand Security Intelligence Service  advises the NZ Government on matters relating to New Zealand's security. They are responsible for the Protective Security Requirements, the New Zealand equivalent of the PSPF.

UK Cabinet Office

The UK Cabinet Office maintains protective security policies for the UK Government.

This includes the UK Security Policy Framework, which provides central internal protective security policy and risk management for UK Government departments and associated bodies.

Centre for the Protection of National Infrastructure resources

The Centre for the Protection of National Infrastructure provides integrated security advice (combining information, personnel and physical) to organisations that make up the UK national infrastructure. CPNI advice helps to reduce the vulnerability of the UK national infrastructure to terrorism and other threats to national security.

Their advice covers security planning, physical security, personnel security and cyber security/information assurance.

The CPNI YouTube channel contains short videos that can be used to assist in agency security awareness training.

United Kingdom Security Vetting

United Kingdom Security Vetting is the single government provider of national security vetting. They are responsible for security vetting to enable the UK government to protect its citizens and provide vital public services, by understanding and managing security risks.

Department of Homeland Security –  Cybersecurity and Infrastructure Security Agency (CISA)

CISA works with partners at all levels of the US Government, and from the private and non-profit sectors, to share information and build greater trust to make US cyber and physical infrastructure more secure.

Defense Personnel and Security Research Center (PERSEREC)

Researchers at  PERSEREC:

  • conduct applied research and development to improve personnel suitability, security, and reliability policy and practice
  • conduct long-term programmatic research and development for the human resource management, security, and intelligence communities
  • provide quick-response studies and analyses in support of policy formation and systems operation
  • disseminate research information to policymakers and practitioners
  • develop innovative systems, tools, and job aids for policymakers, managers, and practitioners concerned with personnel suitability, security, and reliability.