The Government of Australia Declares its Commonwealth Cybersecurity Policy Consultation Package

The Australian Cyber Security Strategy for 2023–2030 is being advanced by the government. By 2030, we aim to make Australia one of the most cyber-secure countries in the world.
Enhancing Commonwealth Government cyber security is a major goal of the Strategy, as explained in Shield 4, “Protect Critical Infrastructure.” In order to make sure that the Commonwealth Government not only satisfies the same requirements set for critical infrastructure, but also serves as a model for risk management in cyber security, we pledge to improve the cyber security of the Australian Government.

The government has already taken action to encourage agencies to implement more robust security measures. The Protective Security Policy Framework (PSPF) Release 2024 was released by the government on November 1, 2024. The PSPF is now updated annually, with this being the first such version. In order to safeguard against, discourage, and address the security threats and difficulties we encounter, these updates make sure policy settings are suitable for the modern threat environment. The Australian Government now has a best-in-class yearly strategy to handle modern protective security dangers thanks to this new procedure.
Our governance is shaped by globally recognized frameworks and standards. These consist of the following: the Information Security Manual, the Protective Security Policy Framework, and the Essential Eight Strategies.

The Commonwealth’s cyber security risk is reduced thanks to these guidelines. Cybersecurity resilience, however, is a continuous process. It is a continuum that takes into account the shifting risk brought about by the shifting threat landscape and the growing vulnerabilities brought about by technological advancement. In order to securely handle current practices and potential dangers, we need to think about policy reform.
We are providing a consultation opportunity to the public. Policies pertaining to Commonwealth cyber security resilience will be shaped in part by this. These improvements will be implemented through the Hosting Certification Framework reforms, a new Whole of Government Gateway Policy, and PSPF Release 25. We are aware that altering these documents will have an effect on the larger supply chain as well as the government agencies to which they directly relate.

In order to gather input that will determine the future course, this first consultation package presents the Guiding Principles to implant Zero Trust Culture (893KB PDF). By using the Guiding Principles to integrate Zero Trust Culture, institutions can better plan for the organizational transformations required to adopt a Zero Trust strategy, and so better manage the emerging risks resulting from a quickly changing cyber threat landscape.
The Department will also provide input on modifications to our primary policy levers in 2025:
• The Protective Security Policy Framework Release 25
• The Whole of Government Gateway Policy
• The Hosting Certification Framework
To make sure that policy and technical guidelines are in line, we are collaborating with our technical colleagues, the Australian Cyber Security Centre of the Australian Signals Directorate.