Policy amendment – Information security | Protective Security Policy Framework

15 March 2022

The Protective Security Policy Framework (PSPF) Policy 10: Safeguarding data from cyber threats (Policy 10) has been amended to mandate the Essential Eight mitigation strategies from the (ACSC's) Strategies to Mitigate Cyber Security Incidents.

The updated policy requires all non-corporate Commonwealth entities to implement Essential Eight Maturity Level Two mitigations to achieve a PSPF maturity rating of 'Managing'. The mitigation strategies that constitute the Essential Eight are:

application control
patch applications
configure Microsoft Office macro settings
user application hardening
restrict administrative privileges
patch operating systems
multi-factor authentication
regular backups.

Policy 10 requires the implementation of the additional mitigation strategies as a core requirement from 1 July 2022. These 4 strategies are:

configure Microsoft Office macro settings
user application hardening
multi-factor authentication, and
regular backups.

Protective Security Policy Framework

Policy amendment – Information security

Footer

Australian Government Logo