Skip to Content

You are in the Finance archive | Archive Home Page | Return to the Finance homepage | Contact Us

The Department of Finance Archive

The content on this page and other Finance archive pages is provided to assist research and may contain references to activities or policies that have no current application. See the full archive disclaimer.

Cyber Security

Cyber security is largely managed by the Department of Prime Minister and Cabinet at link


The Australian Government Cyber Security Strategy

The Australian Government's April 2016 Cyber Security Strategy [external link PM&C website] ('the Strategy') recognises that organisations in both the public and private sectors need to better understand cyber risks and have stronger cyber defences. Cyber security is too often viewed as simply an IT issue—it belongs at the centre of business strategy, for organisations across the public and private sectors.

Cyber security requirements in Government policy proposals

Australian Government departments and entities are responsible for protecting their assets and information from cyber attacks. Entity business cases for ICT-enabled proposals to Government must identify how cyber security risks will be managed and how the proposal will comply with relevant Government cyber security policies.

Finance, through Investment, Capability and Assurance, provides guidance to agencies on cyber security requirements for business cases. To assist entities, it has released more detailed advice to each entity's Chief Financial Officer.

Contact information
Investment, Capability and Assurance
Department of Finance
Ph: (02) 6215 1525


Back to top

Australian Government Requirements

Australian Government Protective Security Policy Framework (PSPF)

The PSPF is issued by the Attorney-General's Department on behalf of the Protective Security Policy Committee (PSPC).

It is the principal means for disseminating Australian Government protective security policies, principles, standards and procedures, to be followed by all Australian Government entities for the protection of official resources. The PSPF is official information and its availability is restricted to Australian Government entities. Contractors working for Australian Government entities may be provided with the sections of the PSPF required to meet contractual obligations by the contracting entity.

For more information:

The Australian Government Information Security Manual

The ISM has been developed by ASD to provide policies and guidance to Australian Government entities on how to protect their ICT systems.

Australian Government entities are required by the PSPF to comply with the ISM. Entities must consider the security implications of their IT systems and devise policy and plans to ensure the systems are appropriately protected.

For more information:

Guidance for agencies transacting online with the public

Online services offer the public a convenient and accessible way to access government services. However, as the use of online government services continue to grow, so too does the scale, sophistication and frequency of hacking, malicious cyber attacks and cyber crime. Finance, through Investment, Capability and Assurance, in conjunction with the Australian Signals Directorate (ASD) and the Attorney-General's Department has developed guidance to support Australian Government agencies in minimising the risk of harm to the public when they transact online with the Australian Government. The Guidance is titled Agency cyber security responsibilities when transacting online with the public [pdf document - 226 KB External Document].

Contact information
Protective Security Policy Section
Attorney-General's Department
3-5 National Circuit
Information Security Operations Branch
Australian Signals Directorate
PO BOX 5076

Back to top

Authentication and Identity Management

Visit the Digital Transformation Office (DTO)external link


Back to top

Contact for information on this page: