Protective Security Directions under the PSPF

The PSPF provides that, having considered advice key Technical Authority Entities, the Secretary of the Department of Home Affairs may issue a direction to accountable authorities to manage a protective security risk to the Australian Government. The Accountable Authority of each entity must adhere to any Direction issued.

Directions

Download: Direction 002-2025 on Kaspersky Lab, Inc. Products and Web Services [PDF]

Publication date: 21 February 2025

PSPF Direction 002-2025 requires Australian Government entities to prevent the installation of Kaspersky Lab, Inc. products and web services from all Australian Government systems and devices, and where found, to remove all existing instances.

Download: Direction 001-2025 on DeepSeek Products, Applications and Web Services [PDF]

Publication date: 4 February 2025

PSPF Direction 001-2025 requires Australian Government entities to prevent the access, use or installation of DeepSeek products, applications and web services and where found remove all existing instances of DeepSeek products, applications and web services from all Australian Government systems and devices.

Download: Direction 003-2024 on Supporting Visibility of the Cyber Threat [PDF]

Publication date: 8 July 2024

PSPF Direction 003-2024 requires Australian Government entities using threat intelligence sharing platforms to share cyber threat information with the Australian Signals Directorate.

Download: Direction 002-2024 on Technology Asset Stocktake [PDF]

Publication date: 8 July 2024

PSPF Direction 002-2024 requires Australian Government entities to identify and actively manage the risks associated with vulnerable technologies they manage, including those they manage for other entities.

Download: Direction 001-2024 on Managing Foreign Ownership, Control or Influence Risks in Technology Assets [PDF]

Publication date: 8 July 2024

PSPF Direction 001-2024 requires Australian Government entities to identify indicators of Foreign Ownership, Control or Influence risk as they relate to procurement and maintenance of technology assets and appropriately manage and report those risks.

Download: Direction 001-2023 on the TikTok application [PDF]

Publication date: 4 April 2023

PSPF 001-2023 restricts the use of the TikTok application on government devices, based on the security risk presented by that application.