Contact [email protected] Strategic Policy Branch Department of Finance and Services Level 15, McKell Building 2-24 Rawson Place SYDNEY NSW 2000
NSW Government Information
Classification and Labelling Guidelines
v1.1
October 2013
Table of contents
1 Document control 5
1.1 Document approval 5
1.2 Document version control 5
1.3 Review date 5
2 Introduction 6
2.1 Purpose 6
2.2 Scope 6
2.3 Background 7
2.4 Superseded NSW guidance 8
2.5 Information Management Framework 8
2.6 Related guidance 8
3 NSW system for classification and labelling 9
3.1 UNCLASSIFIED material 9
3.2 Protective markings 9
3.3 Who applies protective markings? 11
3.4 What is protectively marked? 11
3.5 When are protective markings applied? 11
3.6 How are protective markings applied? 12
3.7 Agency classification and labelling policy and procedures 13
3.8 Receiving Commonwealth information 14
4 Applying dissemination limiting markers (DLMs) 15
4.1 When to use DLMs 15
4.2 Creation of new DLMs 15
4.3 Control and handling of DLM information 16
4.4 FOUO – Sensitive – Sensitive: Personal – Sensitive: Legal 16
4.4.1 Preparation and handling 16
4.4.2 Removal and auditing 17
4.4.3 Copying, storage and disposal 17
4.4.4 Manual transmission 18
4.4.5 Electronic transmission 18
4.5 Sensitive: NSW Government 19
4.5.1 Removal and auditing 19
4.5.2 Copying, storage and disposal 20
4.5.3 Manual transmission 20
4.5.4 Electronic transmission 21
4.6 Sensitive: NSW Cabinet 21
4.6.1 Copying, storage and disposal 22
4.7 Sensitive: Cabinet 22
5 Applying security classifications 23
5.1 Control and handling of classified information 23
5.2 PROTECTED 23
5.3 CONFIDENTIAL 23
5.4 SECRET 24
5.5 TOP SECRET 24
6 Applying caveats 26
6.1 When to use caveats 26
6.2 Removing caveats 26
6.3 Codewords 26
6.4 Source codewords 27
6.5 Eyes Only 27
6.6 Australian Government Access Only (AGAO) 27
6.7 Releasable to 27
6.8 Special handling caveats 28
6.9 Accountable Material 28
APPENDIX A – Suggested mapping 29
APPENDIX B – Transition guidance 30
B1. A consistent approach 30
B2. Key points for transition 30
B3. Frequently asked questions 31
APPENDIX C – Protective markings in use in NSW 33
APPENDIX D – Business Impact Levels 34
APPENDIX E – Classification and labelling content examples 35
APPENDIX F – Aligning control and handling requirements 36
APPENDIX G – Resources 37
APPENDIX H – Glossary 39
1 Document control
1.1 Document approval
Name & Position Signature Date
1.2 Document version control
Version Status Date Prepared by Comments
0.1 Consultation Draft 28 May 2013 DFS Initial draft.
0.2 Consultation Draft 5 July 2013 DFS Updated to reflect preferred options.
0.3 Draft 24 July 2013 DFS Updated after input from the Information Security Steering Group and the Classification & Labelling Working Group.
0.4 Draft 30 August 2013 DFS Further updated version taking in comments from DPC et al.
1.0 Final September 2013 DFS Final additional comments taken in.
1.1 Final October 2013 DFS Updated to reflect changes to the PSPF Business Impact Levels (BILs), and consequential minor amendments, affecting 3.6, 5.2, 5.3, 5.4, 5.5, 6.7 and Appendix D.
1.3 Review date
These Guidelines will be reviewed in July 2015.
They may be reviewed earlier in response to post-implementation feedback or as necessary.
2 Introduction
2.1 Purpose
The NSW Government Digital Information Security Policy outlines the NSW Government’s
commitment to transitioning to a system for classifying and labelling sensitive information in a
manner that is consistent with the Commonwealth security classification system (“the
Commonwealth system”).
This document provides guidance to help NSW government agencies:
maximise consistency with the Commonwealth system, and
minimise the resources required for transition to the new system.
Sensitive information labelled or classified on or after 1 January 2014 must comply with the
system outlined in these Guidelines, including the protective markings listed.
These Guidelines outline an approach that is consistent with the Information security management
guidelines – Australian Government security classification system, which supports the
Commonwealth Protective Security Policy Framework (PSPF).
2.2 Scope
These Guidelines support the implementation of the NSW Government Digital Information Security
Policy. In accordance with the scope and objectives of the policy, this guidance applies to the
classification, labelling and handling of sensitive information in any format, including records in
physical and digital format.
These Guidelines and their requirements are mandatory for all NSW government agencies with
regard to classifying and labelling sensitive information.
However, individual agencies are responsible for applying protective markings and may develop
their own internal agency policies, plans and procedures for classifying and labelling sensitive
information, as required, and in line with these Guidelines.
Agencies must refer to the relevant requirements in the PSPF for classifying and handling security
classified information, i.e. PROTECTED, CONFIDENTIAL, SECRET, and TOP SECRET – particularly in
relation to information affecting national security.
These Guidelines do not affect or alter existing legal and regulatory requirements under
Commonwealth or NSW State legislation, including under: the Government Information (Public
Access) Act 2009 (NSW) (GIPAA), the Privacy and Personal Information Protection Act 1998 (NSW)
(PPIPA), the Health Records and Information Privacy Act 2002 (NSW) (HRIPA) and the State Records Act 1998
(NSW). Existing privacy principles applicable under State and/or Commonwealth legislation
continue to apply to the handling of information.
Where an agency engages a contractor or third party provider, the agency is responsible for
ensuring the contractor or third party provider complies with these Guidelines.
These Guidelines are based on, and directly reproduce in part, the text of the Commonwealth
system and PSPF. For readability, where text from the Commonwealth system is reproduced
neither specific attribution, nor quotation marks, are provided.
Terms not explained in the text of the Guidelines are defined in the Glossary at Appendix H.
2.3 Background
The NSW Government approach to classifying and labelling sensitive information has been
reviewed to align with the Commonwealth system.
Sharing information between State and Commonwealth agencies can support the delivery of
emergency services, enable more effective law enforcement and contribute to national security
operations.
Implementing consistent methods of classification and labelling allows sensitive information to be
securely shared across jurisdictions, with confidence that the information will be handled and
protected according to its sensitivity.
These Guidelines have been developed to:
provide a consistent and structured approach to the classification and labelling of sensitive
information to be used by all NSW agencies
allow for integration between the existing sensitive information labels in NSW and the
information security classification markings used by the Commonwealth
provide guidance for NSW agencies in transitioning to the system outlined in these
Guidelines
assist agencies in identifying security classified or sensitive information, and in applying
appropriate protective markings to this information
clarify where classification and labelling systems overlap, and
encourage better practices in protective security procedures by all NSW agencies.
2.4 Superseded NSW guidance
These Guidelines supersede C2002-69 NSW Guide to Labelling Sensitive Information 2011 Version
1.2 (30/6/2011).
Information labelled or classified before 1 January 2014 should not be re-labelled or re-classified
unless specifically required due to a business or operational need. Most documents labelled under
the previous system can retain their existing labels, providing staff are aware of the appropriate
handling requirements.
Appendix A provides a table showing how to map the most common existing labels to the new
system for classifying and labelling sensitive information. Additional guidance for transitioning
from the previous system to the system outlined in these Guidelines is at Appendix B.
2.5 Information Management Framework
These Guidelines form part of the Information Management Framework. A key initiative of the
NSW Government ICT Strategy is the development of an Information Management Framework to
support the way government administers and uses data and information.
The Framework is a set of standards, policies, guidelines and procedures that enable data and
information to be managed in a secure, structured and consistent manner.
It ensures that data and information can be appropriately shared or re-used by agencies, individual
public sector staff, the community or industry for better services, improved performance
management and a more productive public sector.
2.6 Related guidance
These Guidelines should be read with other guidance on classification, labelling and handling,
namely:
the NSW Digital Information Security Policy
the Information security management guidelines – Australian Government security
classification system (from the PSPF) – setting out the Commonwealth system
the Physical security management guidelines (from the PSPF)
agencies’ existing policies and procedures for labelling, classifying and handling sensitive
information, and
legal and regulatory requirements in relation to information classification, labelling and
handling.
Details of other policies and legislation affecting these Guidelines can be found at Appendix G.
3 NSW system for classification and labelling
3.1 UNCLASSIFIED material
Most information handled by NSW government agencies is of low sensitivity and requires only
limited protection. Where the information does not require a security classification it may be
marked UNCLASSIFIED if required by agency policy.
UNCLASSIFIED is not a protective marking or a security classification. UNCLASSIFIED may be used in
conjunction with a DLM.
UNCLASSIFIED is used by convention to describe official information that is not expected to cause
harm and does not require a security classification.
Newly created or unlabelled material is by default UNCLASSIFIED and should be stored and
handled according to NSW State Records standards and guidance and other NSW legislative and
regulatory requirements as appropriate.
Material created on or after 1 January 2014 is regarded as unlabelled and UNCLASSIFIED where no
protective marking is used.
3.2 Protective markings
There are three categories of protective markings: dissemination limiting markers (DLMs), security
classifications and caveats. Details of each category are set out below.
Specific definitions of each protective marking are set out at Appendix C.
Category: Dissemination Limiting Marker (DLM)
Information that does not meet the criteria for security classification but which
requires some lower level of protection can be labelled with a dissemination
limiting marker (DLM).
DLMs are markings for information where disclosure may be limited or prohibited
by legislation, or where it may otherwise require special handling.
The Commonwealth system includes five DLMs:
For Official Use Only (FOUO)
Sensitive
Sensitive: Personal
Sensitive: Legal, and
Sensitive: Cabinet
In NSW, two additional DLMs are used under these Guidelines:
Sensitive: NSW Government
Sensitive: NSW Cabinet

Category: Security classification
Used to protect the most sensitive government information.
The Australian Government system includes four classifications:
PROTECTED
CONFIDENTIAL
SECRET, and
TOP SECRET
Each level of classification reflects the consequences of unauthorised disclosure
and has strict handling and security clearance requirements.
Security classifications have been the subject of a memorandum of understanding
between the NSW and Commonwealth Governments.
NSW agencies that handle information requiring security classification must
manage this information in accordance with Commonwealth requirements. Only a
small number of agencies deal with information at this level.
Security classifications CONFIDENTIAL, SECRET and TOP SECRET are to be
regarded as national security classifications under these Guidelines.

Category: Caveat
Certain information may bear a security caveat in addition to a security
classification or label. The caveat is a warning that the information has special
non-disclosure requirements in addition to those indicated by the protective
marking.
Caveats cannot be applied to unlabelled or UNCLASSIFIED information.
The Commonwealth system identifies seven categories of caveats:
codewords
source codewords
Eyes Only
Australian Government Access Only
Releasable to
special handling caveats, and
Accountable Material
3.3 Who applies protective markings?
The person responsible for preparing the information – or for actioning information produced
outside of the State or Commonwealth Government – is to decide its protective marking. This
person is called the originator.
Agencies are to advise all employees, including contractors, who use this system of classifications
and labels on its proper use.
3.4 What is protectively marked?
Protective markings can be applied to information in any format, medium or resource. This
includes paper files or documents, digital files or documents, information assets, datasets,
infrastructure, records management systems, magnetic or optical media, microforms, databases,
software applications, hardware and physical assets.
3.5 When are protective markings applied?
Apply protective markings, or UNCLASSIFIED, when the information is created or received – or as
soon as a high level of sensitivity becomes apparent.
An agency sending sensitive information to another government agency must label the
information in accordance with these Guidelines.
Information received from external sources should be evaluated upon receipt and protectively
marked in accordance with these Guidelines.
Protectively-marked information which is received from another government agency should be
handled in accordance with these Guidelines and the PSPF as appropriate.
3.6 How are protective markings applied?
An agency must first identify its information assets as part of broader information management
practice.
To apply these Guidelines, follow these steps.
STEP 1 – Determine whether the information requires protection
Determine: Is the information already protected using a pre-existing labelling or
classification system, and if so, at what level?
Then consider: The existing level of protection, and the suggested mapping from previous
labels or classifications to current ones under these Guidelines (see Appendix A).

Determine: What would be the impact if the information were released?
Then consider: The potential damage caused by the release of the information. PSPF Business
Impact Levels (BILs) can provide some guidance in relation to security classified information
(reproduced from the PSPF at Appendix D).

Determine: Does the information contain anything that is sensitive?
Then consider: Whether the information requires a DLM or classification, and at what level.
STEP 2 – Identify the appropriate level of protection
Consider the following when determining the level of protection:
principles of good information security practice
definitions of approved protective markings
impact levels of unauthorised disclosure or misuse of the information
proactive release of UNCLASSIFIED information
who created the information and who will need to access it, for example, consider the
security clearance levels of information creators, originators and recipients, and their
ability to access or protect information which is protectively marked
interoperability issues with different definitions/labels, and with the previous NSW
labelling system
removal and auditing
any limit on the duration of a classification; at what point it should be reviewed; and how
it can be downgraded
principles of good privacy management practice, Privacy by Design, and
issues that can result from over-classification, e.g. restrictions on copying, storage and
disposal, transmission and transfer of information (manual and electronic transmission –
e.g. information classified PROTECTED and above cannot be transmitted using standard
email systems, and cloud storage requires encryption).
STEP 3 – Avoid over-classification
NSW government agencies are expected to use a DLM or security classification only when there is
a clear and justifiable need to do so – when the consequences of information being compromised
warrant the expense of increased protection.
Over-classification can have a range of undesirable outcomes, including (from the PSPF):
unnecessary limitation of public access to information
unnecessary imposition of extra administrative arrangements and additional cost
excessively large volumes of protected information, which is harder for an agency to
protect, or
devaluing of protective markings, leading to these labels being ignored or avoided by
employees or receiving agencies.
Appendix E provides specific classification and labelling content examples.
3.7 Agency classification and labelling policy and procedures
Using these Guidelines, and other applicable information management standards and policy,
agencies may develop and apply their own internal policies and procedures for the maintenance of
appropriate levels of classification and labelling.
Under the NSW Digital Information Security Policy, agencies must have an internal information
security policy, which may include agency-specific procedures for labelling and handling sensitive
information. Agency policies must be consistent with the NSW Digital Information Security Policy,
these Guidelines, and relevant parts of the PSPF as required.
Use agency policies to identify:
who is responsible for information classification and labelling
who is responsible for the policies and procedures governing the alteration of protective
markings
what information requires classification and labelling, and
any unique procedures for handling that information and complying with legislation.
Agencies must determine specific events or dates for declassification on the basis of an
assessment of the duration of the information’s sensitivity, and regularly review the level of
protective marking applied to information. This must be done in accordance with an agency’s
internal policy and procedures.
In developing internal policies and procedures, agencies must ensure principles of good
information security practice are applied:
sensitive information should only be released to organisations and individuals with a
demonstrated need to know
information is to be stored and processed away from public access
the removal of information from agency premises is on the basis of identified need
disposal of information is by secure means, and
transmission and transfer of information is to be by means which deter unauthorised
access.
3.8 Receiving Commonwealth information
NSW agencies handling DLM information which:
was created by a Commonwealth agency, and/or
primarily relates to the operation of the Commonwealth or a Commonwealth agency,
are required to comply with the procedures set out in the PSPF regarding the application, removal,
transfer, receipt and destruction of that information.
For all security classified information, NSW agencies are required to control and handle the
information according to the relevant procedures set out in the PSPF – regardless of whether the
information originates in NSW or the Commonwealth.
It is the responsibility of the sender of information to ensure that security classified documents are
protected appropriately.
4 Applying dissemination limiting markers (DLMs)
4.1 When to use DLMs
DLMs are used where disclosure may be limited or prohibited by legislation, or where it may
otherwise require special handling. DLMs can be used:
on their own, or
in conjunction with a security classification.
The exception is FOUO – this may only be used with UNCLASSIFIED information.
In a situation where a document has multiple types of information, or information at more than
one sensitivity level of DLM or classification, the document must be labelled and/or classified as
per the information of the highest level of sensitivity within that document. This principle also
applies where a container has information of varying levels of sensitivity within it.
The presence or absence of a protective marking will not affect a document’s status under GIPAA,
PPIPA and HRIPA.
GIPAA mandates an open, accountable, transparent approach to proactive information disclosure
for NSW Government. GIPAA helps to ensure that access to government information is restricted
only when there is an overriding public interest against disclosure. The ‘public interest’ test is the
principle underpinning the procedures outlined in GIPAA.
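The combination rules set out above (FOUO only with UNCLASSIFIED information; a mixed document or container takes the marking of its most sensitive item) and the rule in 3.2 that caveats cannot sit on UNCLASSIFIED information, modelled as an added example. This is not code from the Guidelines; the single-space text layout, the handling of items whose DLMs differ, and the dropping of FOUO when a classification applies are assumptions made for the example.

```python
"""Checks for protective-marking combinations drawn from sections 3.2 and 4.1.

Added example only; the Guidelines prescribe no software. The rendering
convention and the tie-breaks noted in container_marking() are assumptions.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Security classifications in ascending order of sensitivity (section 3.2).
CLASSIFICATIONS = ("PROTECTED", "CONFIDENTIAL", "SECRET", "TOP SECRET")

# The five Commonwealth DLMs and the two NSW DLMs (section 3.2).
DLMS = frozenset({
    "FOUO", "Sensitive", "Sensitive: Personal", "Sensitive: Legal",
    "Sensitive: Cabinet", "Sensitive: NSW Government", "Sensitive: NSW Cabinet",
})


@dataclass(frozen=True)
class Marking:
    """One item's marking. No classification and no DLM means UNCLASSIFIED."""
    classification: Optional[str] = None
    dlm: Optional[str] = None
    caveats: FrozenSet[str] = frozenset()

    def is_unclassified(self) -> bool:
        return self.classification is None and self.dlm is None


def validate(m: Marking) -> List[str]:
    """Return the rules a marking breaks; an empty list means it is acceptable."""
    problems = []
    if m.classification is not None and m.classification not in CLASSIFICATIONS:
        problems.append(f"unknown security classification {m.classification!r}")
    if m.dlm is not None and m.dlm not in DLMS:
        problems.append(f"unknown DLM {m.dlm!r} (agencies must not create their own, 4.2)")
    if m.dlm == "FOUO" and m.classification is not None:
        problems.append("FOUO may only be used with UNCLASSIFIED information (4.1)")
    if m.caveats and m.is_unclassified():
        problems.append("caveats cannot be applied to UNCLASSIFIED information (3.2)")
    return problems


def render(m: Marking) -> str:
    """Text form of a marking; the single-space layout is an assumed convention."""
    parts = [m.classification or "UNCLASSIFIED"]
    if m.dlm:
        parts.append(m.dlm)
    parts.extend(sorted(m.caveats))
    return " ".join(parts)


def container_marking(items: List[Marking]) -> Marking:
    """Marking for a document or container holding several items (4.1).

    The highest security classification among the items wins and caveats
    accumulate. The Guidelines do not rank DLMs against each other, so a
    DLM is carried over only when the items agree on a single one.
    """
    for item in items:
        problems = validate(item)
        if problems:
            raise ValueError(f"{render(item)}: {'; '.join(problems)}")
    classified = [i.classification for i in items if i.classification]
    classification = max(classified, key=CLASSIFICATIONS.index) if classified else None
    dlms = {i.dlm for i in items if i.dlm}
    if classification is not None:
        # FOUO cannot sit beside a classification (4.1). Assumed tie-break: drop
        # it, since the classification already imposes stricter handling.
        dlms.discard("FOUO")
    if len(dlms) > 1:
        raise ValueError(
            f"items carry different DLMs {sorted(dlms)}; the originator must decide"
        )
    caveats = frozenset().union(*(i.caveats for i in items))
    result = Marking(classification, dlms.pop() if dlms else None, caveats)
    problems = validate(result)  # defensive: the combination should already be legal
    if problems:
        raise ValueError("; ".join(problems))
    return result


if __name__ == "__main__":
    # Constructed sample: an UNCLASSIFIED FOUO note filed with a PROTECTED item.
    folder = [Marking(dlm="FOUO"), Marking(classification="PROTECTED")]
    print(render(container_marking(folder)))  # PROTECTED
```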
4.2 Creation of new DLMs
In normal circumstances agencies must not create their own DLMs, security classifications or
caveats. Under these Guidelines new Sensitive DLMs may be created by agencies when the
following three conditions are met:
1. there is a specific agency need
2. there is no approved DLM which is appropriate for use, and
3. the new DLM is endorsed by the Information Security Steering Group.
The Information Security Steering Group is made up of members of the Information Security
Community of Practice, which is established under the NSW Digital Information Security Policy.
This Steering Group approves the creation of new DLMs and oversees their management. Where
new DLMs are approved by the Steering Group, by default the requirements for control,
preparation and handling as set out in relation to Sensitive information apply to the new DLMs –
subject to any additions or modifications as approved by the Steering Group.
These Guidelines do not prevent agencies, on the basis of internal processes, policies and
procedures, from using other agency-specific markers – for example in round brackets after a DLM.
This practice should only be used in conjunction with approved DLMs and/or security classifications.
4.3 Control and handling of DLM information
These Guidelines set out minimum control and handling requirements for DLMs, and additional
guidance is provided by the PSPF in Information security management guidelines – Protectively
marking and handling sensitive and security classified information.
Where there is potential ambiguity in interpreting the control or handling requirements in these
Guidelines, refer to principles outlined in the NSW Digital Information Security Policy, in particular
the need to take a risk-based approach.
Situations may arise where there are differences between the requirements for control and/or
handling in these Guidelines and what is set out in the PSPF (as updated from time to time).
Appendix F addresses specific scenarios where control and handling requirements under these
Guidelines intersect with the PSPF.
4.4 FOUO – Sensitive – Sensitive: Personal – Sensitive: Legal
4.4.1 Preparation and handling
Marking
centre of top and bottom of each page
markings should be in bold text and a minimum of 5mm high (preferably red stamp)
the label on a file cover or container must be at least equal to the label on the most
sensitive item in the file or container
paragraph markings, where adopted, should appear in a consistent position such as at the
end of each paragraph (refer to the PSPF for guidance on applying paragraph markings),
and
electronic and other documents should include their sensitivity label in their metadata as
appropriate.
Numbering
page and/or paragraph numbering is desirable.
Filing and media labels
front and back file covers and media labels to be marked Sensitive in large letters and
an agency may reserve specific colours for file covers and media labels covering Sensitive
items.
Disclosure/access
need to know, and
only in accordance with legislative and administrative requirements.
4.4.2 Removal and auditing
Removal of documents or files
basis of real need, e.g. a meeting
removal must be authorised by a supervisor (or equivalent) who should be satisfied that
the removing officer is aware of the potential risks involved and that he or she is
responsible for its safe custody at all times, and
ensure adequate custodial arrangements, including overnight storage.
Audits
determined on the basis of agency requirements.
4.4.3 Copying, storage and disposal
Copying
may be prohibited by originator, and
to be kept to a minimum in keeping with operational requirements.
Physical safe-keeping — minimum standards
‘clear desk’ policy
hard copy and any form of unencrypted removable electronic media must be held in a
commercial-grade locked container or a secure area, and
servers and associated devices processing or storing Sensitive data must be sited in
appropriately secure facilities – the Commonwealth Information Security Manual (ISM)
provides a guide.
Electronic storage
Agencies should conduct a risk assessment to determine whether sensitive information should be
encrypted when stored in any laptop or on a removable PC hard drive or storage device. If
encryption is used, it must be performed using a method approved by the agency security plan.
Disposal
Transfer in accordance with the State Records Act 1998 (NSW); or if not required, then records
destruction should be authorised under current retention and disposal authorities and be carried
out after minimum retention periods have been met:
paper items only: destroy by appropriate method or contract approved in the agency
security plan; or
for all other media: consult the information security officer and ensure appropriate
deletion, destruction or sanitisation processes are used.
Records should be destroyed in ways that ensure that they cannot be recovered or reconstituted.
Destruction should be documented and contractors used for destruction should provide
certificates of destruction.
Records required as State archives in current retention and disposal authorities should be
transferred to State Records NSW as appropriate.
Note: State records in any form may only be disposed of in accordance with Part 3 of the State
Records Act 1998 (NSW), PPIPA and HRIPA.
4.4.4 Manual transmission
Within a single physical location
A single sealed opaque envelope that indicates the DLM, delivered by the agency’s internal mail
system.
May be passed, uncovered, by hand within a secure area provided it is transferred directly
between people with the need to know and there is no opportunity for any unauthorised person
to view the information.
Transfer between establishments
Single sealed opaque envelope that does not indicate the sensitivity of the information; receipt at
discretion of the originator AND one of the following:
passed by hand between people who have the need to know
delivered securely by an overnight courier that is endorsed in line with the agency security
plan, or
delivered by Australia Post, State Mail Service or a DX service.
4.4.5 Electronic transmission
Telephone, VoIP, facsimile and video conference equipment
Information may be passed unencrypted over an agency’s private communications system
provided it is contained within a single site and uses only wire line or fibre optic bearers (that is,
with no microwave, cellular telephone, wireless LAN or similar radio frequency links).
If transmission is regular or frequent, agencies should conduct a risk assessment to determine
whether encryption is appropriate for communications between sites or within sites using other
than wire line or fibre optic transmission.
Data transmissions and email
infrequent transmissions may be made without special controls, and
agencies should consider encryption based on a risk assessment; suitable email encryption
products may be found, for example, on the Australian Signals Directorate’s (ASD’s)
Evaluated Products List (EPL).
Computer networks
should only be connected to public networks (including the internet) using appropriate
network connection control and / or routing control, on the basis of a risk assessment.
4.5 Sensitive: NSW Government
The Sensitive: NSW Government protective marking is used when the compromise of the
information could cause damage to the NSW Government, commercial entities or members of the
public. For instance, where compromise could:
endanger individuals and/or private entities
work substantially against state or national finances or economic and commercial interests
substantially undermine the financial viability of major organisations
impede the investigation or facilitate the commission of serious crime, or
seriously impede the development or operation of major government policies.
Information that was previously labelled as PROTECTED under the NSW labelling system may
translate to the DLM Sensitive: NSW Government.
Sensitive: NSW Government may also be abbreviated to Sensitive: NSW Govt.
Note: All control and handling requirements for Sensitive information apply to Sensitive: NSW
Government information – with the following additions and modifications.
4.5.1 Removal and auditing
Removal of documents or files
must be in personal custody of individual and when not in use kept in a locked container,
and
removal must be authorised by a manager (or equivalent) responsible for the business unit
that is custodian of the information.
Audits
it is good security practice to establish a program of spot checks of information at this
level.
4.5.2 Copying, storage and disposal
Disposal
Transfer in accordance with the State Records Act 1998 (NSW); or if not required, then records
destruction should be authorised under current retention and disposal authorities and be carried
out after minimum retention periods have been met:
paper items only: destroy by shredding
electronic media and equipment: must undergo sanitisation (the Commonwealth ISM
provides a guide), and
if ‘Accountable Material’: under supervision of two officers who must supervise the
removal of the material to the point of destruction, ensure that destruction is complete
and sign a certificate of destruction.
Records should be destroyed in ways that ensure that they cannot be recovered or reconstituted.
Destruction should be documented and contractors used for destruction should provide
certificates of destruction.
Records required as State archives in current retention and disposal authorities should be
transferred to State Records NSW as appropriate.
Note: State records in any form may only be disposed of in accordance with Part 3 of the State
Records Act 1998 (NSW), PPIPA and HRIPA.
4.5.3 Manual transmission
Within a single physical location
Single sealed opaque envelope that indicates the DLM; receipt at the discretion of the originator
AND:
passed by hand between people who have the need to know, or
placed in a locked container and delivered direct, by hand, by an authorised messenger.
May be passed, uncovered, by hand within a discrete office environment provided it is transferred
directly between members of staff with the need to know and there is no opportunity for any
unauthorised person to view the information.
Transfer between establishments
single sealed opaque envelope that does not give any indication of the classification AND
placed in a locked container and delivered direct, by hand, by an authorised messenger
AND receipt required, or
double, sealed envelope AND receipt required AND delivered securely by an overnight
courier that is endorsed in line with the agency security plan using the safe hand level of
service.
Where personal or health information is being transferred, it is also necessary to comply with the
requirements of PPIPA and HRIPA respectively.
4.5.4 Electronic transmission
Telephone, fax and video conference equipment
Information may be passed in clear over an agency’s private communications system contained
within a single site, using wire line or fibre optic bearers having a low probability of interception or
where Sensitive: NSW Government traffic is unpredictable and infrequent.
Between or within sites using other than wire line or fibre optic bearers, unless there is a low
probability of interception and Sensitive: NSW Government traffic is unpredictable and
infrequent, information must be encrypted, for example, by using products from ASD’s EPL.
Data transmissions and email
Unpredictable and infrequent Sensitive: NSW Government transmissions may be made without
special controls. Otherwise agencies should consider the use of appropriate encryption products,
for example, products from ASD’s EPL.
4.6 Sensitive: NSW Cabinet
This DLM may be applied to sensitive NSW Cabinet documents, including:
- any document including but not limited to business lists, minutes, submissions,
memoranda and matters without submission that are or have been submitted or proposed
to be submitted to the NSW Cabinet
- official records of the NSW Cabinet, or
- any other information that would reveal:
  - the deliberations or decisions of the NSW Cabinet, or
  - matters submitted, or proposed to be submitted to the NSW Cabinet.
Premier’s memorandum M2006-08 Maintaining Confidentiality of Cabinet Documents and Other
Cabinet Conventions describes the practice and convention of the confidentiality of NSW Cabinet
documents.
Sensitive: NSW Cabinet may be applied to NSW Cabinet documents and draft NSW Cabinet
documents, and they must be stored securely, and access should only be on a need to know basis.
Cabinet Conventions: NSW Practice details the importance of maintaining Cabinet confidentiality,
and the protections outlined therein continue to apply. Any Cabinet documents relating to
national security are to be classified accordingly. The Ministerial Handbook outlines handling
procedures for documents provided to NSW Cabinet.
To the extent of any inconsistency between these Guidelines, and guidance, policy or processes
issued by the NSW Department of Premier and Cabinet regarding the control or handling of
Sensitive: NSW Cabinet information, the latter prevail.
Note: In addition to the above, all control and handling requirements for Sensitive: NSW
Government information apply to Sensitive: NSW Cabinet, with the following additions and
modifications.
4.6.1 Copying, storage and disposal
Copying
- Copying Sensitive: NSW Cabinet documents is always prohibited.
4.7 Sensitive: Cabinet
This DLM is for Commonwealth Cabinet information – refer to the PSPF for requirements
regarding the application of this DLM, and in relation to control and handling.
Any use of this DLM is to be accompanied by a security classification of at least PROTECTED.
5 Applying security classifications
5.1 Control and handling of classified information
Refer to the PSPF for relevant requirements relating to the control and handling of security
classified information.
5.2 PROTECTED
The PROTECTED security classification is used when the compromise of the information could
cause damage to the Australian Government, commercial entities or members of the public. For
instance, where compromise could:
- endanger individuals and private entities – the compromise of information could lead to
serious harm or potentially life threatening injury to an individual
- work substantially against state or national finances or economic and commercial interests
- substantially undermine the financial viability of major organisations
- impede the investigation or facilitate the commission of serious crime, or
- seriously impede the development or operation of major government policies.
For relevant control and handling requirements for PROTECTED information, agencies are directed
to the PSPF and Information security management guidelines – Protectively marking and handling
sensitive and security classified information.
Personnel who access information that is classified at a level of PROTECTED or above should be
security-vetted.
Note: Information that was labelled as PROTECTED under the previous NSW system may not
translate to the Commonwealth definition of PROTECTED. The DLM Sensitive: NSW Government
may be more appropriate for NSW agencies to deal with sensitive information they hold.
5.3 CONFIDENTIAL
The CONFIDENTIAL security classification should be used when compromise of information could
cause damage to national security. For instance, where compromise could:
- endanger small groups of individuals – the compromise of information could lead to
serious harm or potentially life threatening injuries to a small group of individuals
- damage diplomatic relations – in other words, cause formal protest or other sanction
- damage the operational effectiveness or security of Australian or allied forces
- damage the effectiveness of valuable security or intelligence operations
- disrupt significant national infrastructure, or
- damage the internal stability of Australia or other countries.
For relevant control and handling requirements for CONFIDENTIAL information, agencies are
directed to the PSPF and Information security management guidelines – Protectively marking and
handling sensitive and security classified information.
5.4 SECRET
The SECRET security classification should be used when compromise of information could cause
serious damage to national security, the Australian Government, nationally important economic
and commercial interests, or threaten life. For instance, where compromise could:
- raise international tension
- seriously damage relations with other governments
- seriously damage the operational effectiveness or security of Australian or allied forces
- seriously damage the continuing effectiveness of highly valuable security or intelligence
operations
- threaten life directly – the compromise of information could reasonably be expected to
lead to loss of life of an individual or small group
- seriously prejudice public order
- substantially damage national finances or economic and commercial interests
- shut down or substantially disrupt significant national infrastructure, or
- seriously damage the internal stability of Australia or other countries.
For relevant control and handling requirements for SECRET information, agencies are directed to
the PSPF and Information security management guidelines – Protectively marking and handling
sensitive and security classified information.
5.5 TOP SECRET
The TOP SECRET security classification requires the highest degree of protection as compromise of
information could cause exceptionally grave damage to national security. For instance, where
compromise could:
- threaten directly the internal stability of Australia or other countries
- lead directly to widespread loss of life – the compromise of information could reasonably
be expected to lead to the death of a large number of people
- cause exceptionally grave damage to the effectiveness or security of Australian or allied
forces
- cause exceptionally grave damage to the effectiveness of extremely valuable security or
intelligence operations
- cause exceptionally grave damage to relations with other governments, or
- cause severe long-term damage to the Australian economy.
Very little information warrants this marking and it should be used with the utmost restraint.
For relevant control and handling requirements for TOP SECRET information, agencies are directed
to the PSPF and Information security management guidelines – Protectively marking and handling
sensitive and security classified information.
6 Applying caveats
6.1 When to use caveats
Certain security classified information, most notably some national security classified information,
may bear a security caveat in addition to a security classification. The caveat is a warning that the
information has special requirements in addition to those indicated by the protective marking.
Caveats are not used with DLMs and caveats are not used on their own without an accompanying
security classification. Caveats should not be used extensively in NSW.
People who need to know will be cleared and briefed about the significance of information bearing
caveats; other people are not to have access to this information.
The following categories of security caveat are used:
- codewords
- source codewords
- Eyes Only
- Australian Government Access Only
- Releasable to
- special handling caveats, and
- Accountable Material.
Modifications to wording of caveats may take place with the approval of the Information Security
Steering Group.
6.2 Removing caveats
Information bearing agency-specific caveats is to be re-labelled or appropriate procedures agreed
before release or transmission outside of that agency.
The prior agreement of the originating agency – in other words, the agency that originally placed
the caveat on the material – is required to remove a caveat. If the originating agency will not agree
to the removal of the caveat then the information cannot be released. The requirement to obtain
agreement of the originating agency to release the material cannot be the subject of a policy
exception under any circumstances.
6.3 Codewords
A codeword is a word indicating that the information it covers is in a special need to know
compartment.
It is often necessary to take precautions beyond those normally indicated by the security
classification to protect this information. These precautions will be specified by the organisation
that owns the information – for instance, those with a need to access the information will be given
a special briefing first.
The codeword is chosen so that its ordinary meaning is unrelated to the subject of the
information.
6.4 Source codewords
A source codeword is a word or set of letters used to identify the source of certain information
without revealing it to those who do not have a need to know.
6.5 Eyes Only
The Eyes Only (EO) marking indicates that access to information is restricted to certain groups or
jurisdictions, or nationalities in the case of national information, for instance:
- AUSTEO means Australian Eyes Only
- AUST/US EO means Australian and US Eyes Only, and
- NSWEO means New South Wales Government Eyes Only.
Any information marked Eyes Only cannot be passed to or accessed by those who are not listed in
the marking. More information on Eyes Only is outlined in the PSPF.
6.6 Australian Government Access Only (AGAO)
In limited circumstances AGAO is used by the Department of Defence and the Australian Security
Intelligence Organisation (ASIO). It means these agencies may pass information marked with the
AGAO caveat to appropriately cleared representatives of foreign governments on exchange or
long-term posting or attachment to the Australian Government.
6.7 Releasable to
The caveat RELEASABLE TO identifies information that has been released or is releasable to the
indicated foreign countries only – for example, REL GBR,NZL means that the information may be
passed to the United Kingdom and New Zealand only.
RELEASABLE TO markings are to employ the appropriate alpha-3 country codes from SAI Global –
ISO 3166-1 Alpha 3 Codes for the representation of names of countries and their subdivisions.
6.8 Special handling caveats
A special-handling caveat is a collection of various indicators such as operation codewords,
instructions to use particular communications channels and EXCLUSIVE FOR (named person). This
caveat is usually used only within particular need to know compartments.
There are special requirements for some caveat or codeword information. These are determined
by the controlling agency and provided on a need to know basis.
6.9 Accountable Material
If strict control over access to, and movement of, particularly sensitive information is required,
originators can make this information Accountable Material. What constitutes Accountable
Material will vary from agency to agency, but could include Budget papers, tender documents and
sensitive ministerial briefing documents.
Accountable Material is subject to the following conditions:
- the caveat ‘Accountable Material’ can be in bold print on the front cover of the material –
not necessary for Cabinet documents, TOP SECRET information or codeword material
- it is to carry a reference and individual copy number – agencies could also consider making
each page accountable by numbering (for example, page 3 of 10), and placing the
document copy number on each page
- it is to carry a warning such as: not to be copied without the prior approval of the
originator
- it is only to be passed by hand or safe hand – if it is passed to another person, a receipt is
to be obtained, and
- a central register is to be maintained of all persons having access to each accountable
document – this central register is separate from the movement record which forms part
of the document or file.
APPENDIX A – Suggested mapping
Columns: Business Impact Level | Previous NSW label | Suggested Dissemination Limiting Marker (DLM) under these Guidelines, listed in order of most to least likely | Suggested security classification under these Guidelines

No impact | – | – | UNCLASSIFIED
Low to Medium | PERSONNEL-IN-CONFIDENCE | Sensitive: Personal; Sensitive: NSW Government; For Official Use Only (FOUO) | UNCLASSIFIED
Low to Medium | COMMERCIAL-IN-CONFIDENCE | For Official Use Only (FOUO); Sensitive: NSW Government | UNCLASSIFIED
Low to Medium | CLIENT-IN-CONFIDENCE | Sensitive: Legal; Sensitive: NSW Government; For Official Use Only (FOUO) | UNCLASSIFIED
Low to Medium | SECURITY-IN-CONFIDENCE | Sensitive: NSW Government; For Official Use Only (FOUO) | UNCLASSIFIED
Low to Medium | STAFF-IN-CONFIDENCE | Sensitive: Personal; Sensitive: NSW Government; For Official Use Only (FOUO) | UNCLASSIFIED
High | CABINET-IN-CONFIDENCE | Sensitive: NSW Cabinet | UNCLASSIFIED
High | PROTECTED | Sensitive: NSW Government | UNCLASSIFIED; PROTECTED
High or Very high | HIGHLY PROTECTED | Sensitive: NSW Government | UNCLASSIFIED; PROTECTED; CONFIDENTIAL; SECRET
Extreme | – | – | SECRET
Catastrophic | – | – | TOP SECRET
APPENDIX B – Transition guidance
B1. A consistent approach
NSW Government is committed to the adoption of best practice for information security as
outlined in the NSW Digital Information Security Policy. The NSW system is closely aligned with the
Commonwealth system, which has already been in use in some NSW Government agencies.
Agencies are to adopt practices for labelling and handling sensitive information in accordance with
these Guidelines by 1 January 2014, as they introduce consistent information security processes.
Labelling sensitive information is an essential part of information security and the international
standard AS/NZS ISO/IEC 27001:2005 Information technology – Security techniques – Information
security management systems – Requirements.
Adopting a consistent approach will give agencies confidence that when they distribute sensitive
information to other agencies it will be properly safeguarded.
B2. Key points for transition
Agencies are to adopt practices for labelling and handling sensitive information in accordance
with these Guidelines by 1 January 2014.
These Guidelines are consistent with GIPAA, PPIPA, HRIPA and the State Records Act 1998
(NSW).
Agencies holding Commonwealth classified information are to continue to handle that
information in accordance with the Commonwealth PSPF.
Agencies are not to create their own labelling schemes beyond what is outlined in these
Guidelines, but they may adopt more stringent handling procedures, potentially based on PSPF
requirements, if they consider it appropriate.
Agencies are not expected to review all their existing information holdings and label or re-label
them.
Most documents labelled under the previous NSW system can retain their existing labels,
providing staff are aware of the appropriate handling requirements.
B3. Frequently asked questions
1. What do we have to do by 1 January 2014?
From 1 January 2014:
- All sensitive or classified materials must be handled according to the new system, and
- Newly created sensitive or classified materials must be labelled and/or classified according
to the new system.
2. Do we have to review and re-label all our existing information holdings?
No.
Agencies should consider the nature of the information they handle and take a risk-based
approach to the application of new protective markings.
Appendix A provides a table mapping the most common existing labels to the new system for
classifying and labelling sensitive information. Using this table or incorporating it into agency
procedures can assist staff to handle older documents appropriately, without the need for
re-labelling.
3. What if our legacy materials are labelled with protective markings that are not supported in
the new system?
Agencies should make a risk-based decision about re-labelling according to their own systems and
resources. For example:
- a specific group of legacy materials, information within a particular filing system or
database may be progressively re-labelled, according to agency guidelines / timelines
- information could be reviewed and/or re-labelled only if it is requested or retrieved from a
storage area, or
- materials may not be re-labelled; agency guidelines and training can enable staff to handle
materials appropriately (e.g. using the mapping table in Appendix A).
4. In which kinds of situations might review or re-labelling be required?
If an agency has previously applied labels and the same word is used for a DLM or security
classification in the new system (but with a different meaning), and there is potential for lack of
clarity or confusion, then re-labelling may be required subject to business needs.
In this scenario it is important to ensure that the content of the material matches the definitions in
the new system.
5. What happens to material labelled as “Protected” under the previous NSW system?
The previous NSW system had a category of “Protected”. Some of this material may not match the
current definition for the security classification of PROTECTED.
Agencies should consider the way they have applied this label in the past and whether information
content is likely to be considered PROTECTED under the new system. If so, the current labels can
be maintained. Agencies should ensure appropriate handling procedures are in place.
If the material does not warrant security classification, consider whether the material can be
mapped to the DLM Sensitive: NSW Government. This may require some form of re-labelling.
It is important that any material bearing the security classification PROTECTED should be handled
according to these Guidelines and relevant parts of the PSPF as appropriate.
6. Material that does not have a label – is it UNCLASSIFIED or FOUO or “Public”?
Newly created or unlabelled material is, by default, UNCLASSIFIED and should be stored and
handled according to NSW State Records standards and guidance and other NSW legislative and
regulatory requirements as appropriate.
This information may remain unlabelled, or it may be marked UNCLASSIFIED if required by agency
policy.
If it is determined the material contains sensitive information, use these Guidelines to identify the
appropriate protective marking.
“Public” is not an approved DLM. Agencies should consider whether UNCLASSIFIED material can be
proactively released under GIPAA.
7. Can agencies create DLMs to suit their specific needs?
No. Agencies must not create their own DLMs.
New Sensitive DLMs may be created by agencies when the following three conditions are met:
1. there is a specific agency need
2. there is no approved DLM which is appropriate for use, and
3. the new DLM is endorsed by the Information Security Steering Group.
Appendix A provides a table mapping the most common previous labels to the new system for
classifying and labelling sensitive information.
8. Can agencies create security classifications or caveats to suit their specific needs?
No. Agencies must use only approved security classifications and caveats, strictly in accordance
with these Guidelines and the relevant parts of the PSPF as appropriate.
APPENDIX C – Protective markings in use in NSW
Columns: Protective marking | Type (DLM or security classification) | Description

UNCLASSIFIED [1] | – | Information not requiring security classification.
For Official Use Only (FOUO) | DLM | May only be used on UNCLASSIFIED information, when its compromise may cause limited damage to national security, Australian Government agencies, commercial entities or members of the public.
Sensitive | DLM | For information where the secrecy provisions of enactments may apply and/or the disclosure of the information may be limited or prohibited under legislation.
Sensitive: Personal | DLM | May be used for information that is sensitive personal information (aligned with the definition of ‘sensitive information’ in the Privacy Act 1988 (Commonwealth)). [2]
Sensitive: Legal | DLM | May be used for any information that may be subject to legal professional privilege.
Sensitive: NSW Government | DLM | Compromise of the information could cause damage to the NSW Government, NSW Government agencies, commercial entities or members of the public.
Sensitive: NSW Cabinet | DLM | May be used for sensitive NSW Cabinet documents.
Sensitive: Cabinet | DLM, with security classification PROTECTED | May be used for sensitive Commonwealth Cabinet documents.
PROTECTED | Security classification | Compromise of the information could cause damage to the Australian Government, commercial entities or members of the public. May be used with a caveat.
CONFIDENTIAL | Security classification | Compromise of the information could cause damage to national security. May be used with a caveat.
SECRET | Security classification | Compromise of the information could cause serious damage to national security, the Australian Government, nationally important economic and commercial interests, or threaten life. May be used with a caveat.
TOP SECRET | Security classification | Compromise of the information could cause exceptionally grave damage to national security. May be used with a caveat.

Interpretation
‘Australian Government’ does not refer to the NSW State Government, nor other State or Territory governments.
This table does not list caveats, which may be used in conjunction with security classifications – in accordance with these Guidelines and the PSPF.

[1] UNCLASSIFIED is not a protective marking; it is used by convention to describe official information that is not
expected to cause harm and does not require a security classification. This information may remain unmarked; however, it may be marked UNCLASSIFIED if required.
[2] This DLM references Commonwealth legislation, but additional DLMs referencing equivalent NSW legislation may be
created if there is a need, with agreement from the Steering Group, and pursuant to these Guidelines. Sensitive information can include:
a) information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, or criminal record;
b) personal information;
c) health information about an individual;
d) genetic information about an individual that is not otherwise health information;
e) biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
f) biometric templates.
APPENDIX D – Business Impact Levels

LEVEL 1 (LOW)
Could be expected to harm government agency operations, commercial entities or members of the public by:
- causing a degradation in organisational capability to an extent and duration that, while the agency can perform its primary functions, the effectiveness of the functions is noticeably reduced
- resulting in minor damage to agency assets
- resulting in minor financial loss
- minor harm to individuals – not resulting in physical injury, such as minor breach of privacy or financial loss
- undermining the financial viability of a minor Australia-based or Australian-owned organisation.

LEVEL 2 (MEDIUM)
Could be expected to cause limited damage to national security, government agency operations, commercial entities or members of the public by:
- causing a significant degradation in organisational capability to an extent and duration that, while the agency can perform its primary functions—including national security type functions—the effectiveness of the functions is significantly reduced
- resulting in significant harm to agency assets
- resulting in significant financial loss
- limited harm to individuals – could cause harm to individuals including injuries that are not serious or life threatening
- causing damage to the operational effectiveness or security of Australian or allied forces—e.g. compromise of a logistics system causing re-supply problems without causing risk to life
- causing embarrassment to diplomatic relations
- disadvantaging a major Australian company
- hindering the detection, impeding the investigation, or facilitating the commission of low-level crime—i.e. crime not defined in legislation as serious crime—or hindering the detection of serious crime
- resulting in loss to Australian Government / public sector of $10 million, up to $100 million
- undermining the financial viability of a major Australia-based or Australian-owned organisation, or
- resulting in minor loss of confidence in government.

LEVEL 3 (HIGH), e.g. PROTECTED
Could be expected to damage government agency operations, commercial entities or members of the public by:
- causing a severe degradation in or loss of organisational capability to an extent and duration that the agency cannot perform one or more of its primary functions
- resulting in major harm to agency assets
- resulting in major financial loss
- endangering individuals – the compromise of information could lead to serious harm or potentially life threatening injury to an individual
- disadvantaging a number of major Australian companies
- impeding the investigation of, or facilitating the commission of, serious crime—as defined in legislation
- resulting in short-term material damage to national finances or economic interests—to an estimated total of $100 million to $10 billion
- causing material damage to international trade or commerce, directly and noticeably reducing economic growth in Australia, or
- resulting in a major loss of confidence in government.

LEVEL 4 (VERY HIGH), e.g. CONFIDENTIAL
Could be expected to damage national security by:
- causing a severe degradation in or loss of organisational capability to an extent and duration that the agency cannot perform one or more of its national security functions
- resulting in major harm to agency national security assets
- endangering small groups of individuals – the compromise of information could lead to serious harm or potentially life threatening injuries to a small group of individuals
- resulting in severe damage to the operational effectiveness or security of Australian or allied forces—e.g. compromise of the operational plans of units of company size or below in a theatre of military operations
- materially damaging diplomatic relations—e.g. cause formal protest or other sanctions
- disadvantaging Australia in international negotiations—e.g. advance compromise of Australian negotiation strategy or acceptable outcomes, in the context of a bilateral trade dispute
- causing damage to Australian or allied intelligence capability, or
- causing major, long-term impairment to the ability to investigate serious crime—as defined in legislation.

LEVEL 5 (EXTREME), e.g. SECRET
Could be expected to seriously damage national security, government agency operations, commercial entities or members of the public by:
- causing a severe degradation in or loss of organisational capability to an extent and duration that the agency cannot perform any of its national security functions
- threatening life directly – the compromise of information could lead to loss of life of an individual or small group
- threatening directly the internal political stability of Australia or friendly countries
- causing exceptionally grave damage to the operational effectiveness or security of Australian or allied forces—e.g. compromise of the operational plans of units of battalion size or above in a theatre of military operations
- raising international tension, or seriously damaging relations with friendly governments
- severely disadvantaging Australia in international negotiations—e.g. advance compromise of Australian negotiation strategy or acceptable outcomes, in the context of a major WTO negotiating round
- causing severe damage to Australian or allied intelligence capability
- causing major, long-term impairment to the ability to investigate serious organised crime—as defined in legislation
- causing major, long-term damage to the Australian economy—to an estimated total in excess of $20 billion
- causing major, long-term damage to global trade or commerce, leading to prolonged recession or hyperinflation in Australia, or
- threatening directly the internal stability of Australia or friendly countries leading to widespread instability.

LEVEL 6 (CATASTROPHIC), e.g. TOP SECRET
Could be expected to cause exceptionally grave damage to national security by:
- resulting in the collapse of internal political stability of Australia or friendly countries
- leading directly to widespread loss of life – the compromise of information could lead to the death of a large number of people
- directly provoking international conflict, or
- causing exceptionally grave damage to relations with friendly governments.
APPENDIX E – Classification and labelling content examples

DLMs
FOUO
- A tender response.
- Private citizen submission to an agency outlining opposition to a new business opening in the community.
Sensitive
- Information which may not be disclosed due to a legal sanction.
Sensitive: Personal
- Employee file including information regarding health status.
Sensitive: Legal
- Legal advice provided to the agency.
- Document outlining agency legal concerns provided to legal advisers.
- Notes of a meeting to advise of a response to a threat of legal action against the agency.
Sensitive: NSW Government
- Internal brief reflecting on interests of a group of community members, provided to government in confidence.
- Police report regarding a low level investigation.
Sensitive: NSW Cabinet
- Business lists, minutes, submissions or memoranda that have been or are proposed to be submitted to the NSW Cabinet.
Sensitive: Cabinet
- Business lists, minutes, submissions or memoranda that have been or are proposed to be submitted to the Commonwealth Cabinet.

Security classifications
UNCLASSIFIED
- Official information not needing security classification.
PROTECTED
- Commonwealth brief relating to negotiations with States on funding.
CONFIDENTIAL
- Commonwealth report on emerging security threats to Australia.
SECRET
- Background information on a new military purchase for the Australian Defence Force.
TOP SECRET
- Highly sensitive, strategic report on covert deployment of a new military capability.
APPENDIX F – Aligning control and handling requirements
Situations may arise where there are differences between the requirements for control and/or handling in these Guidelines and what is set out in the PSPF (as updated from time to time). This table provides courses of action for specific scenarios.

Scenario: Information has a DLM and a security classification. Which control and/or handling requirements apply?
Course of action: The requirements in the PSPF regarding the relevant security classification take precedence to the extent of any inconsistency.

Scenario: The document has a DLM, and there is an inconsistency between a mandatory control and/or handling requirement in these Guidelines and the PSPF, and the document was created by the NSW Government and/or primarily relates to the operation of the NSW Government. Which requirement applies?
Course of action: The requirements in these Guidelines take precedence to the extent of any inconsistency.

Scenario: The document has a DLM, and there is an inconsistency between a mandatory control and/or handling requirement in these Guidelines and the PSPF, and the document was created by the Commonwealth and/or primarily relates to the operation of the Commonwealth. Which requirement applies?
Course of action: The requirements in the PSPF take precedence to the extent of any inconsistency.

Scenario: The PSPF is silent on an aspect of control and/or handling, but these Guidelines have specific requirements. Do the requirements in these Guidelines have to be met?
Course of action: These Guidelines take precedence in relation to that aspect of control and/or handling and have to be met.

Scenario: The PSPF has a recommendation (e.g. using ‘can’ or ‘should’) regarding an aspect of control and/or handling, but the Guidelines have a mandatory requirement in relation to that same aspect. Which takes precedence?
Course of action: If the document was created by the NSW Government and/or primarily relates to the operation of the NSW Government, the mandatory requirement in these Guidelines takes precedence. Otherwise, the PSPF recommendation takes precedence.
APPENDIX G – Resources
Further to the key documents listed in section 2.6, the following table provides a list of other resources which may influence information security classification and labelling procedures.

Issuer | Reference | Document name
Commonwealth |  | Australian Government Protective Security Policy Framework (PSPF) – documents map
Commonwealth | As updated (version 1.0, 18 July 2011) | Information security management guidelines – Australian Government security classification system
Commonwealth | As updated (version 1.0, 21 June 2011) | Protectively marking and handling sensitive and security classified information
Commonwealth | As updated (version 1.5, 6 June 2010) | Australian Government Protective Security Policy Framework – Securing Government business
Commonwealth | As updated (version 1.0, 21 June 2011) | Protective Security Governance Guidelines – Business Impact Levels
Commonwealth | Current version, as updated | Physical security management guidelines
Commonwealth | 2012 (as updated) | Information Security Manual
Commonwealth | Current version in effect, as amended | Privacy Act 1988 (Commonwealth)
NSW Government | Current version in effect, as amended | NSW Digital Information Security Policy
NSW Government | Current version in effect, as amended | Health Records and Information Privacy Act 2002 (NSW)
NSW Government | Current version in effect, as amended | Privacy and Personal Information Protection Act 1998 (NSW) (PPIPA)
NSW Government | Current version in effect, as amended | Government Information (Public Access) Act 2009 (NSW) (GIPAA)
NSW Government | Current version in effect, as amended | State Records Act 1998 (NSW)
NSW Government | Current version in effect, as amended | Court Information Act 2010 (NSW)
NSW Department of Finance and Services | Version 1.2, 30 June 2011 | NSW Guide to Labelling Sensitive Information 2011 (previous system in NSW)
NSW Department of Finance and Services |  | NSW Government ICT Strategy
NSW Department of Premier and Cabinet |  | Cabinet Conventions: NSW Practice
NSW Department of Premier and Cabinet | 7 June 2006 | M2006-08 Maintaining Confidentiality of Cabinet Documents and Other Cabinet Conventions
NSW Department of Premier and Cabinet | 30 July 2007 | M2007-13 Release of NSW Government Security Sensitive Information to Third Parties
NSW Department of Premier and Cabinet | 30 September 2008 | M2008-17 NSW Policy and Guidelines for Protecting National Security Information
NSW Department of Premier and Cabinet | As updated (June 2011) | Ministerial Handbook
APPENDIX H – Glossary
The following glossary provides definitions for terms that are not otherwise explained in the text of the Guidelines.

Accountable Material: In these Guidelines the term Accountable Material means particularly sensitive information requiring strict access and movement control. Such items are recorded in a central register in each holding organisation.

Clear desk policy: The term Clear desk policy means that items with a protective marking must be secured when unattended and their content always unobservable to people without the Need to know.

Commonwealth: Refers to the Australian Government, and includes Australian Government agencies.

Damage: Damage referred to in these Guidelines may be financial, commercial or reputational damage to any NSW Government agency, the NSW Government, the Australian Government, or an Australian Government agency.

Infrequent: The term Infrequent means no more than one transmission per month within or from a site.

National security information: Official information whose compromise could affect the security of the nation.
National security information could include information about security threats from espionage, sabotage, politically motivated violence, promotion of communal violence, attacks on Australia’s defence, acts of foreign interference or serious organised crime, as well as the protection of Australia’s borders.

Need to know: The term Need to know means that access to information should be limited to those that need to know or use it. It is applied at the level of specific individuals and applies to all types of sensitive information.
Agencies should take all reasonable and appropriate precautions to ensure that only people with a proven need to know gain access to sensitive and security classified information.
People are not entitled to access information merely because it would be convenient for them to know or because of their status, position, rank or level of authorised access.

Safe hand: Carriage of protectively marked information by Safe hand means it is despatched to the addressee in the care of an authorised officer or succession of authorised officers who are responsible for its carriage and safekeeping (see the PSPF for guidance).

Secure area: The term Secure area means a work area to which physical access is controlled and all visitors, whether working for the agency or not, are escorted.
An office area may be a secure area.

Central register: A central record is to be maintained of all persons having access to any information marked TOP SECRET or Accountable Material.
This register is separate from any movement record which forms part of the document or file (see the PSPF for guidance).

UNCLASSIFIED: Official information that is not expected to cause harm and does not require a security classification; it may be unlabelled or it may be marked UNCLASSIFIED.
UNCLASSIFIED is not a protective marking or a security classification.
This type of information represents the bulk of official information.