Protective Security Policy Framework Document Map – Version 1.3

Protective Security Policy Framework Document Map – Version 1.3 – amended April 2015
See alternative text below for a description of the following diagram.
PSPF Tier 1:
Directive on the security of government business (amended October 2014)
Overarching protective security policy statement and principles
PSPF Tier 2:
Protective Security Policy Framework (V1.8 – amended Nov 14):
Australian Government protective security governance arrangements
Mandatory Requirements
Overall responsibility for protective security
Applicability of the Protective Security Policy Framework
Developing a security culture

Governance arrangements

Personnel security core policy (V2.0 Sep 14)

Information security core policy, and

Physical security core policy
• ASA/ITSA competencies and functions (V1.1 – amended April 2015)
Better practice guides:
• Developing protective security policies, plans and procedures (V1.1 – amended April 2015)
• Developing agency classification guides (V1.1 – amended April 2015)
• Developing agency alert levels (V1.1 – amended April 2015)
Security risk management
• Business impact levels (V2.1 – amended April 2015)
Audit, reviews and reporting
• Compliance reporting (V1.0 – approved Mar 12)
Protective security investigations
• Reporting incidents and conducting security investigations (V1.1 – amended April 2015)
Legislation
Business continuity management
Contracting
Securing Government Business - Protective Security Guidance for Executives (V2.0 – approved Oct 14)
A summary of Tier 1 and 2 documents for agency heads and senior executives
PSPF—Glossary of terms (V1.3 – amended Nov 14)
PSPF tier 3
Australian Government personnel security management protocol (V2.1 – amended April 2015)
Australian Government information security management protocol (V1.2 – amended April 2015)
Australian Government physical security management protocol (V1.5 – amended April 2015)
Australian Government personnel security management guidelines:
Australian Government information security management guidelines:
Australian Government physical security management guidelines:
• Agency personnel security responsibilities (V1.1 – amended April 2015)
• Australian Government classification system (V2.1 – amended April 2015)
• Vetting practices (V1.1 – amended April 2015)
Better practice guides:
• Protectively marking and handling sensitive and security classified information (V1.2 – amended April 2015)
• Security zones and risk mitigation control measures (V1.5 – amended April 2015)
• Managing the insider threat to your business (V1.1 – amended April 2015)
• Identifying and managing people of security concern (V1.0 – approved Jan 15)

Security requirements of outsourced services and functions (V1.1 – amended April 2015)
Fraud control
International security agreements
• Risk management of outsourced ICT arrangements (including Cloud) (V1.1 – amended April 2015)
• Agency cyber security responsibilities when transacting on line with the public (V2.1 – amended April 2015)
• Management of aggregated information (V1.1 – amended April 2015)
• Safeguarding foreign government information (V1.1 – amended April 2015)
PSPF tier 4 documents
Agency protective security policies and procedures
Notes:
1. The PSPF references the Australian Government information security manual (ISM) for ICT security
2. The PSPF gives authority to, or refers to, other publications from other agencies and Australian/International Standards for some specific requirements/controls
• Physical security of ICT equipment, systems and facilities (V1.1 – amended April 2015)
• Working away from the office (V1.1 – amended April 2015)
• Event security (V1.1 – amended April 2015)
Alternative Text
PSPF Tier 1:
Directive on the security of government business
Overarching protective security policy statement and principles
PSPF Tier 2:
Protective Security Policy Framework (V1.8 – amended Nov 14):

Governance arrangements

Personnel security core policy (V2.0 September 2014)

Information security core policy, and

Physical security core policy
Australian Government protective security governance arrangements
Mandatory Requirements
Overall responsibility for protective security
Applicability of the Protective Security Policy Framework
Developing a security culture

ASA/ITSA competencies and functions (V1.1 – amended April 2015)
Better practice guides:
• Preparing protective security policies, plans and procedures (V1.1 – amended April 2015)
• Preparing agency classification guides (V1.1 – amended April 2015)
• Developing agency alert levels (V1.1 – amended April 2015)
Security risk management

Audit, reviews and reporting
• Compliance reporting (V1.0 – approved Mar 12)
Protective security investigations

Reporting incidents and conducting security investigations (V1.1 – amended April 2015)
Legislation
Business continuity management
Contracting

Security requirements of outsourced services and functions (V1.1 – amended April 2015)
Fraud control
International security agreements

Business impact levels (V2.1 – amended April 2015)
Safeguarding foreign government information (V1.1 – amended April 2015)
PSPF tier 3
Personnel Security
Australian Government personnel security management protocol (V2.1 – amended April 2015)
Australian Government personnel security management guidelines:

Agency personnel security responsibilities (V1.1 – amended April 2015)
• Vetting practices (V1.1 – amended April 2015)
Better practice guides:

Managing the insider threat to your business (V1.1 – amended April 2015)

Identifying and managing people of security concern (V1.1 – amended April 2015)
Information Security
Australian Government information security management protocol (V1.2 – amended April 2015)
Australian Government information security management guidelines:

Australian Government classification system (V2.1 – amended April 2015)

Protectively marking and handling sensitive and security classified information (V1.2 – amended April 2015)

Risk management of outsourced ICT arrangements (including Cloud) (V1.1 – amended April 2015)

Agency cyber security responsibilities when transacting on line with the public (V2.1 – amended April 2015)

Management of aggregated information (V1.1 – amended April 2015)
Physical Security
Australian Government physical security management protocol (V1.5 – amended April 2015)
Australian Government physical security management guidelines:

Security zones and risk mitigation control measures (V1.5 – amended April 2015)

Physical security of ICT equipment, systems and facilities (V1.1 – amended April 2015)

Working away from the office (V1.1 – amended April 2015)

Event security (V1.1 – amended April 2015)
PSPF tier 4 documents
Agency protective security policies and procedures
Notes:

The PSPF references the Australian Government information security manual (ISM) for ICT security

The PSPF gives authority to, or refers to, other publications from other agencies and Australian/International Standards for some specific requirements/controls