The Australian Government is currently following caretaker conventions until the results of the 2025 election are announced. No election-related material will be available on this website. For more information about the election, please visit the relevant minister’s or party's websites.

Policy amendment – Information security

The Protective Security Policy Framework (PSPF) Policy 10: Safeguarding data from cyber threats (Policy 10) has been amended to mandate the Essential Eight mitigation strategies from the (ACSC's) Strategies to Mitigate Cyber Security Incidents.

The updated policy requires all non-corporate Commonwealth entities to implement Essential Eight Maturity Level Two mitigations to achieve a PSPF maturity rating of 'Managing'. The mitigation strategies that constitute the Essential Eight are:

  • application control
  • patch applications
  • configure Microsoft Office macro settings
  • user application hardening
  • restrict administrative privileges
  • patch operating systems
  • multi-factor authentication
  • regular backups.

Policy 10 requires the implementation of the additional mitigation strategies as a core requirement from 1 July 2022. These 4 strategies are:

  • configure Microsoft Office macro settings
  • user application hardening
  • multi-factor authentication, and
  • regular backups.