PSPF Direction Update – July 2024

The Secretary of the Department of Home Affairs has today issued three mandatory Directions under the Protective Security Policy Framework (PSPF) to government entities to manage cyber security risks to the Australian Government.

Direction 001-2024 Managing Foreign Ownership, Control or Influence Risks in Technology Assets

This Direction requires Australian Government entities to identify indicators of Foreign Ownership, Control or Influence risk as they relate to procurement and maintenance of technology assets, and to appropriately manage and report those risks.

Direction 002-2024 Technology Asset Stocktake

This Direction requires Australian Government entities to conduct a technology asset stocktake on all internet-facing systems or services to identify and actively manage the risks associated with vulnerable technologies they manage, including those they manage for other entities.

Direction 003-2024 Supporting Visibility of the Cyber Threat

This Direction requires Australian Government entities to participate in the Australian Signals Directorate’s Cyber Security Partnership Program and for those using threat intelligence sharing platforms, to share cyber threat information with the Australian Signals Directorate.