PSPF Guidelines and PSPF Release 2024 update

The PSPF Guidelines, and a revision to PSPF Release 2024 have now been published on the PSPF website.

A revised version of the Australian Government Security Caveat Standards has also been published on the Protective Security Policy GovTEAMS community.

PSPF Guidelines

The PSPF Release 2024 Guidelines are now published on the PSPF website.

The Guidelines provide best practice advice on implementing the PSPF Requirements mandated in PSPF Release 2024. In addition to assisting entities with complying with the PSPF requirements, they also provide resources which have been requested frequently by entities.

Find PSPF Guidelines, and all future releases, on the PSPF Guidelines page.

The list of requirements spreadsheet has also been updated to include a list of the Recommended Approaches in the PSPF Guidelines, which are available on Protective Security Policy GovTEAMS community.

PSPF Release 2024

PSPF Release 2024 has been republished with a minor update to correct an error in Table 21 on page 61.

Outsourced and cloud services require an IRAP Assessor to perform the Security Assessor role. An Entity Assessor is not sufficient for these systems.

This requirement aligns with the previous version of the PSPF, the Australian Signals Directorate’s (ASD) Information Security Manual, and ASD’s Cloud Assessment and Authorisation procedures.

Find PSPF Release 2024, and all future releases, on the Annual PSPF Releases page.

Australian Government Security Caveat Standard

The Australian Government Security Caveat Standard has been updated to reflect changes agreed by the Government Security Committee at its meeting on 18 November 2024. The updated Standard is available to Government personnel on the Protective Security Policy GovTEAMS community.

Please note that this News item refers to information correct as at 18 December 2024.