Release of the PSPF 2018 – 19 whole-of-government maturity report

The Australian Government is committed to ensuring government business is delivered securely while continuing to build trust and confidence in our ability to engage with and manage security risks.

The Protective Security Policy Framework assists Australian Government entities to protect their people, information and assets, both here and overseas.

Each financial year, non-corporate Commonwealth entities must report on their security posture to their portfolio minister and the Attorney-General's Department. This report provides assurance to government and the Australian public that entities are implementing security measures that proportionately address their unique security risk environments.

We have now published the Protective Security Policy Framework 2018–19 Assessment Report. This report is the first since reforms to the Protective Security Policy Framework, which were announced in late-2018.

The report uses a new 4-level security maturity model to measure entities implementation of security requirements. The new maturity model replaces the former binary compliance-based model.

The results are promising. Most entities have substantially implemented the core and supporting requirements of the Protective Security Policy Framework. Entities are actively engaged with risk and have a strong understanding of their threat environments. They demonstrate a commitment to improving the security of their information, as well as their people and assets.

The Australian Government is committed to maintaining and improving security practices to protect the resources it holds in trust on behalf of the Australian public, and to meet the high expectations of the Australian people.

Find the report and more information about the new maturity model on the Annual Reporting page.