Protective Security Policy Framework (PSPF)
Federal entities bound by PSPF — governance, information, personnel + physical security.
criticalcurrentannual
Who must comply
All Commonwealth entities + contracted providers handling Commonwealth info.
What triggers it
Commonwealth entity status or handling of Commonwealth security-classified info.
When due
Annual maturity self-assessment + reporting.
Evidence required
PSPF maturity assessment report.
Max penalty
—
Effective from
1 July 2025
Summary
PSPF Release 2024 in force 1 July 2025. Sets minimum protective security requirements for Australian Government entities. Outcomes-based + 16 requirements. Annual reporting to Home Affairs.
Enforced by
Topics
cyber-securitypublic-sector
Source: https://www.protectivesecurity.gov.au. Rules Mate is not a law firm. Always verify against the live regulator source before acting.