NSW Government Information
Classification and Labelling Guidelines
v1.1
October 2013
Contact
[email protected]
Strategic Policy Branch
Department of Finance and Services
Level 15, McKell Building
2-24 Rawson Place
SYDNEY NSW 2000
Table of contents
1 Document control
  1.1 Document approval
  1.2 Document version control
  1.3 Review date
2 Introduction
  2.1 Purpose
  2.2 Scope
  2.3 Background
  2.4 Superseded NSW guidance
  2.5 Information Management Framework
  2.6 Related guidance
3 NSW system for classification and labelling
  3.1 UNCLASSIFIED material
  3.2 Protective markings
  3.3 Who applies protective markings?
  3.4 What is protectively marked?
  3.5 When are protective markings applied?
  3.6 How are protective markings applied?
  3.7 Agency classification and labelling policy and procedures
  3.8 Receiving Commonwealth information
4 Applying dissemination limiting markers (DLMs)
  4.1 When to use DLMs
  4.2 Creation of new DLMs
  4.3 Control and handling of DLM information
  4.4 FOUO – Sensitive – Sensitive: Personal – Sensitive: Legal
    4.4.1 Preparation and handling
    4.4.2 Removal and auditing
    4.4.3 Copying, storage and disposal
    4.4.4 Manual transmission
    4.4.5 Electronic transmission
  4.5 Sensitive: NSW Government
    4.5.1 Removal and auditing
    4.5.2 Copying, storage and disposal
    4.5.3 Manual transmission
    4.5.4 Electronic transmission
  4.6 Sensitive: NSW Cabinet
    4.6.1 Copying, storage and disposal
  4.7 Sensitive: Cabinet
5 Applying security classifications
  5.1 Control and handling of classified information
  5.2 PROTECTED
  5.3 CONFIDENTIAL
  5.4 SECRET
  5.5 TOP SECRET
6 Applying caveats
  6.1 When to use caveats
  6.2 Removing caveats
  6.3 Codewords
  6.4 Source codewords
  6.5 Eyes Only
  6.6 Australian Government Access Only (AGAO)
  6.7 Releasable to
  6.8 Special handling caveats
  6.9 Accountable Material
APPENDIX A – Suggested mapping
APPENDIX B – Transition guidance
  B1. A consistent approach
  B2. Key points for transition
  B3. Frequently asked questions
APPENDIX C – Protective markings in use in NSW
APPENDIX D – Business Impact Levels
APPENDIX E – Classification and labelling content examples
APPENDIX F – Aligning control and handling requirements
APPENDIX G – Resources
APPENDIX H – Glossary
1 Document control

1.1 Document approval
Name & Position | Signature | Date

1.2 Document version control
Version | Status | Date | Prepared by | Comments
0.1 | Consultation Draft | 28 May 2013 | DFS | Initial draft.
0.2 | Consultation Draft | 5 July 2013 | DFS | Updated to reflect preferred options.
0.3 | Draft | 24 July 2013 | DFS | Updated after input from the Information Security Steering Group and the Classification & Labelling Working Group.
0.4 | Draft | 30 August 2013 | DFS | Further updated version taking in comments from DPC et al.
1.0 | Final | September 2013 | DFS | Final additional comments taken in.
1.1 | Final | October 2013 | DFS | Updated to reflect changes to the PSPF Business Impact Levels (BILs), and consequential minor amendments, affecting 3.6, 5.2, 5.3, 5.4, 5.5, 6.7 and Appendix D.

1.3 Review date
These Guidelines will be reviewed in July 2015.
They may be reviewed earlier in response to post-implementation feedback or as necessary.
2 Introduction

2.1 Purpose
The NSW Government Digital Information Security Policy outlines the NSW Government’s
commitment to transitioning to a system for classifying and labelling sensitive information in a
manner that is consistent with the Commonwealth security classification system (“the
Commonwealth system”).
This document provides guidance to help NSW government agencies:
- maximise consistency with the Commonwealth system, and
- minimise the resources required for transition to the new system.
Sensitive information labelled or classified on or after 1 January 2014 must comply with the
system outlined in these Guidelines, including the protective markings listed.
These Guidelines outline an approach that is consistent with the Information security management
guidelines – Australian Government security classification system, which supports the
Commonwealth Protective Security Policy Framework (PSPF).
2.2 Scope
These Guidelines support the implementation of the NSW Government Digital Information Security
Policy. In accordance with the scope and objectives of the policy, this guidance applies to the
classification, labelling and handling of sensitive information in any format, including records in
physical and digital format.
These Guidelines and their requirements are mandatory for all NSW government agencies with
regard to classifying and labelling sensitive information.
However, individual agencies are responsible for applying protective markings and may develop
their own internal agency policies, plans and procedures for classifying and labelling sensitive
information, as required, and in line with these Guidelines.
Agencies must refer to the relevant requirements in the PSPF for classifying and handling security
classified information, i.e. PROTECTED, CONFIDENTIAL, SECRET, and TOP SECRET – particularly in
relation to information affecting national security.
These Guidelines do not affect or alter existing legal and regulatory requirements under
Commonwealth or NSW State legislation, including under: the Government Information (Public
Access) Act 2009 (NSW) (GIPAA), the Privacy and Personal Information Act 1998 (NSW) (PPIPA), the
Health Records and Information Privacy Act 2002 (NSW) (HRIPA) and the State Records Act 1998
(NSW). Existing privacy principles applicable under State and/or Commonwealth legislation
continue to apply to the handling of information.
Where an agency engages a contractor or third party provider, the agency is responsible for
ensuring the contractor or third party provider complies with these Guidelines.
These Guidelines are based on, and directly reproduce in part, the text of the Commonwealth
system and PSPF. For readability, where text from the Commonwealth system is reproduced
neither specific attribution, nor quotation marks, are provided.
Terms not explained in the text of the Guidelines are defined in the Glossary at Appendix H.
2.3 Background
The NSW Government approach to classifying and labelling sensitive information has been
reviewed to align with the Commonwealth system.
Sharing information between State and Commonwealth agencies can support the delivery of
emergency services, enable more effective law enforcement and contribute to national security
operations.
Implementing consistent methods of classification and labelling allows sensitive information to be
securely shared across jurisdictions, with confidence that the information will be handled and
protected according to its sensitivity.
These Guidelines have been developed to:
- provide a consistent and structured approach to the classification and labelling of sensitive information to be used by all NSW agencies
- allow for integration between the existing sensitive information labels in NSW and the information security classification markings used by the Commonwealth
- provide guidance for NSW agencies in transitioning to the system outlined in these Guidelines
- assist agencies in identifying security classified or sensitive information, and in applying appropriate protective markings to this information
- clarify where classification and labelling systems overlap, and
- encourage better practices in protective security procedures by all NSW agencies.
2.4 Superseded NSW guidance
These Guidelines supersede C2002-69 NSW Guide to Labelling Sensitive Information 2011 Version
1.2 (30/6/2011).
Information labelled or classified before 1 January 2014 should not be re-labelled or re-classified
unless specifically required due to a business or operational need. Most documents labelled under
the previous system can retain their existing labels, providing staff are aware of the appropriate
handling requirements.
Appendix A provides a table showing how to map the most common existing labels to the new
system for classifying and labelling sensitive information. Additional guidance for transitioning
from the previous system to the system outlined in these Guidelines is at Appendix B.
2.5 Information Management Framework
These Guidelines form part of the Information Management Framework. A key initiative of the
NSW Government ICT Strategy is the development of an Information Management Framework to
support the way government administers and uses data and information.
The Framework is a set of standards, policies, guidelines and procedures that enable data and
information to be managed in a secure, structured and consistent manner.
It ensures that data and information can be appropriately shared or re-used by agencies, individual
public sector staff, the community or industry for better services, improved performance
management and a more productive public sector.
2.6 Related guidance
These Guidelines should be read with other guidance on classification, labelling and handling, namely:
- the NSW Digital Information Security Policy
- the Information security management guidelines – Australian Government security classification system (from the PSPF) – setting out the Commonwealth system
- the Physical security management guidelines (from the PSPF)
- agencies’ existing policies and procedures for labelling, classifying and handling sensitive information, and
- legal and regulatory requirements in relation to information classification, labelling and handling.
Details of other policies and legislation affecting these Guidelines can be found at Appendix G.
3 NSW system for classification and labelling

3.1 UNCLASSIFIED material
Most information handled by NSW government agencies is of low sensitivity and requires only
limited protection. Where the information does not require a security classification it may be
marked UNCLASSIFIED if required by agency policy.
UNCLASSIFIED is not a protective marking or a security classification. UNCLASSIFIED may be used in
conjunction with a DLM.
UNCLASSIFIED is used by convention to describe official information that is not expected to cause
harm and does not require a security classification.
Newly created or unlabelled material is by default UNCLASSIFIED and should be stored and
handled according to NSW State Records standards and guidance and other NSW legislative and
regulatory requirements as appropriate.
Material created on or after 1 January 2014 is regarded as unlabelled and UNCLASSIFIED where no
protective marking is used.
3.2 Protective markings
There are three categories of protective markings: dissemination limiting markers (DLMs), security
classifications and caveats, and details of each category are set out below.
Specific definitions of each protective marking are set out at Appendix C.
Category: Dissemination Limiting Marker (DLM)
Description: Information that does not meet the criteria for security classification but which requires some lower level of protection can be labelled with a dissemination limiting marker (DLM).
DLMs are markings for information where disclosure may be limited or prohibited by legislation, or where it may otherwise require special handling.
The Commonwealth system includes five DLMs:
- For Official Use Only (FOUO)
- Sensitive
- Sensitive: Personal
- Sensitive: Legal, and
- Sensitive: Cabinet
In NSW, two additional DLMs are used under these Guidelines:
- Sensitive: NSW Government
- Sensitive: NSW Cabinet

Category: Security classification
Description: Used to protect the most sensitive government information.
The Australian Government system includes four classifications:
- PROTECTED
- CONFIDENTIAL
- SECRET, and
- TOP SECRET
Each level of classification reflects the consequences of unauthorised disclosure and has strict handling and security clearance requirements.
Security classifications have been the subject of a memorandum of understanding between the NSW and Commonwealth Governments.
NSW agencies that handle information requiring security classification must manage this information in accordance with Commonwealth requirements. Only a small number of agencies deal with information at this level.
Security classifications CONFIDENTIAL, SECRET and TOP SECRET are to be regarded as national security classifications under these Guidelines.

Category: Caveat
Description: Certain information may bear a security caveat in addition to a security classification or label. The caveat is a warning that the information has special non-disclosure requirements in addition to those indicated by the protective marking.
Caveats cannot be applied to unlabelled or UNCLASSIFIED information.
The Commonwealth system identifies seven categories of caveats:
- codewords
- source codewords
- Eyes Only
- Australian Government Access Only
- Releasable to
- special handling caveats, and
- Accountable Material
3.3 Who applies protective markings?
The person responsible for preparing the information – or for actioning information produced
outside of the State or Commonwealth Government – is to decide its protective marking. This
person is called the originator.
Agencies are to advise all employees, including contractors, who use this system of classifications
and labels on its proper use.
3.4 What is protectively marked?
Protective markings can be applied to information in any format, medium or resource. This
includes paper files or documents, digital files or documents, information assets, datasets,
infrastructure, records management systems, magnetic or optical media, microforms, databases,
software applications, hardware and physical assets.
3.5 When are protective markings applied?
Apply protective markings, or UNCLASSIFIED, when the information is created or received – or as
soon as a high level of sensitivity becomes apparent.
An agency sending sensitive information to another government agency must label the
information in accordance with these Guidelines.
Information received from external sources should be evaluated upon receipt and protectively
marked in accordance with these Guidelines.
Protectively-marked information which is received from another government agency should be
handled in accordance with these Guidelines and the PSPF as appropriate.
3.6 How are protective markings applied?
An agency must first identify its information assets as part of broader information management
practice.
To apply these Guidelines, follow these steps.

STEP 1 – Determine whether the information requires protection
Determine: Is the information already protected using a pre-existing labelling or classification system, and if so, at what level?
Then consider: The existing level of protection, and suggested mapping from previous labels or classifications to current ones under these Guidelines (see Appendix A).

Determine: What would be the impact if the information were released?
Then consider: Potential damage caused by the release of the information. PSPF Business Impact Levels (BILs) can provide some guidance in relation to security classified information (reproduced from the PSPF at Appendix D).

Determine: Does the information contain anything that is sensitive?
Then consider: Whether the information requires a DLM or classification, and at what level.
STEP 2 – Identify the appropriate level of protection
Consider the following when determining the level of protection:
- principles of good information security practice
- definitions of approved protective markings
- impact levels of unauthorised disclosure or misuse of the information
- proactive release of UNCLASSIFIED information
- who created the information and who will need to access it, for example, consider the security clearance levels of information creators, originators and recipients, and their ability to access or protect information which is protectively marked
- interoperability issues with different definitions/labels, and with the previous NSW labelling system
- removal and auditing
- any limit on the duration of a classification; at what point it should be reviewed; and how it can be downgraded
- principles of good privacy management practice, Privacy by Design, and
- issues that can result from over-classification, e.g. restrictions on copying, storage and disposal, transmission and transfer of information (manual and electronic transmission – e.g. information classified PROTECTED and above cannot be transmitted using standard email systems, and cloud storage requires encryption).
STEP 3 – Avoid over-classification
NSW government agencies are expected to use a DLM or security classification only when there is
a clear and justifiable need to do so – when the consequences of information being compromised
warrant the expense of increased protection.
Over-classification can have a range of undesirable outcomes, including (from the PSPF):
- unnecessary limitation of public access to information
- unnecessary imposition of extra administrative arrangements and additional cost
- excessively large volumes of protected information, which is harder for an agency to protect, or
- devaluing of protective markings, leading to these labels being ignored or avoided by employees or receiving agencies.
Appendix E provides specific classification and labelling content examples.
3.7 Agency classification and labelling policy and procedures
Using these Guidelines, and other applicable information management standards and policy,
agencies may develop and apply their own internal policies and procedures for the maintenance of
appropriate levels of classification and labelling.
Under the NSW Digital Information Security Policy, agencies must have an internal information
security policy, which may include agency-specific procedures for labelling and handling sensitive
information. Agency policies must be consistent with the NSW Digital Information Security Policy,
these Guidelines, and relevant parts of the PSPF as required.
Use agency policies to identify:
- who is responsible for information classification and labelling
- who is responsible for the policies and procedures governing the alteration of protective markings
- what information requires classification and labelling, and
- any unique procedures for handling that information and complying with legislation.
Agencies must determine specific events or dates for declassification on the basis of an
assessment of the duration of the information’s sensitivity, and regularly review the level of
protective marking applied to information. This must be done in accordance with an agency’s
internal policy and procedures.
In developing internal policies and procedures, agencies must ensure principles of good information security practice are applied:
- sensitive information should only be released to organisations and individuals with a demonstrated need to know
- information is to be stored and processed away from public access
- the removal of information from agency premises is on the basis of identified need
- disposal of information is by secure means, and
- transmission and transfer of information is to be by means which deter unauthorised access.
3.8 Receiving Commonwealth information
NSW agencies handling DLM information which:
- was created by a Commonwealth agency, and/or
- primarily relates to the operation of the Commonwealth or a Commonwealth agency,
are required to comply with the procedures set out in the PSPF regarding the application, removal, transfer, receipt and destruction of that information.
For all security classified information, NSW agencies are required to control and handle the
information according to the relevant procedures set out in the PSPF – regardless of whether the
information originates in NSW or the Commonwealth.
It is the responsibility of the sender of information to ensure that security classified documents are
protected appropriately.
4 Applying dissemination limiting markers (DLMs)

4.1 When to use DLMs
DLMs are used where disclosure may be limited or prohibited by legislation, or where it may otherwise require special handling. DLMs can be used:
- on their own, or
- in conjunction with a security classification.
The exception is FOUO – this may only be used with UNCLASSIFIED information.
In a situation where a document has multiple types of information, or information at more than
one sensitivity level of DLM or classification, the document must be labelled and/or classified as
per the information of the highest level of sensitivity within that document. This principle also
applies where a container has information of varying levels of sensitivity within it.
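The marking rules in 3.2, 4.1 and 4.2 above are the kind of constraint an agency's document or records system can enforce mechanically. The following Python is an added example, not part of the Guidelines: it checks a proposed marking against those rules and derives the marking for a document or container from the items it holds. Since the Guidelines rank the four classifications but not the DLMs against each other, it assumes that DLM and caveat handling requirements accumulate, and that FOUO is dropped once a classification is present.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Ordered lowest to highest, as listed in 3.2 ("PROTECTED and above" in 3.6).
CLASSIFICATIONS: List[str] = ["PROTECTED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]

# The five Commonwealth DLMs and the two NSW DLMs from 3.2.
FOUO = "For Official Use Only (FOUO)"
APPROVED_DLMS: FrozenSet[str] = frozenset({
    FOUO, "Sensitive", "Sensitive: Personal", "Sensitive: Legal", "Sensitive: Cabinet",
    "Sensitive: NSW Government", "Sensitive: NSW Cabinet",
})


@dataclass(frozen=True)
class Marking:
    """A protective marking; classification None represents UNCLASSIFIED."""
    classification: Optional[str] = None
    dlms: FrozenSet[str] = frozenset()
    caveats: FrozenSet[str] = frozenset()


def validate(m: Marking) -> List[str]:
    """Return the rules from the Guidelines that a proposed marking breaks ([] = acceptable)."""
    problems: List[str] = []
    if m.classification is not None and m.classification not in CLASSIFICATIONS:
        problems.append(f"unknown security classification: {m.classification!r}")
    # 4.2: agencies must not create their own DLMs without Steering Group endorsement.
    for d in sorted(m.dlms - APPROVED_DLMS):
        problems.append(f"DLM not approved under the Guidelines: {d!r}")
    # 4.1: FOUO may only be used with UNCLASSIFIED information.
    if FOUO in m.dlms and m.classification is not None:
        problems.append("FOUO may only be used with UNCLASSIFIED information")
    # 3.2: caveats cannot be applied to unlabelled or UNCLASSIFIED information.
    if m.caveats and m.classification is None and not m.dlms:
        problems.append("caveats cannot be applied to unlabelled or UNCLASSIFIED information")
    return problems


def combine(items: List[Marking]) -> Marking:
    """Marking for a document or container holding items of mixed sensitivity (4.1).

    Takes the highest classification present. The Guidelines rank the four
    classifications but not the DLMs, so this example carries forward every DLM
    and caveat present (assumption: handling requirements are additive). FOUO is
    dropped once a classification is present, because FOUO may only accompany
    UNCLASSIFIED information (also an assumption about resolving that conflict).
    Items with invalid markings are rejected rather than silently folded in.
    """
    for it in items:
        bad = validate(it)
        if bad:
            raise ValueError(f"item {it} is not validly marked: {bad}")
    highest: Optional[str] = None
    for it in items:
        if it.classification is None:
            continue
        if highest is None or CLASSIFICATIONS.index(it.classification) > CLASSIFICATIONS.index(highest):
            highest = it.classification
    dlms = frozenset().union(*(it.dlms for it in items))
    caveats = frozenset().union(*(it.caveats for it in items))
    if highest is not None:
        dlms = dlms - {FOUO}
    return Marking(highest, dlms, caveats)


if __name__ == "__main__":
    # Constructed sample: a file holding a PROTECTED item, an UNCLASSIFIED item
    # carrying Sensitive: Legal, and an UNCLASSIFIED item carrying FOUO.
    file_items = [
        Marking("PROTECTED"),
        Marking(None, frozenset({"Sensitive: Legal"})),
        Marking(None, frozenset({FOUO})),
    ]
    print(combine(file_items))   # PROTECTED with Sensitive: Legal; FOUO dropped
    print(validate(Marking("PROTECTED", frozenset({FOUO}))))
```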
The presence or absence of a protective marking will not affect a document’s status under GIPAA,
PPIPA and HRIPA.
GIPAA mandates an open, accountable, transparent approach to proactive information disclosure
for NSW Government. GIPAA helps to ensure that access to government information is restricted
only when there is an overriding public interest against disclosure. The ‘public interest’ test is the
principle underpinning the procedures outlined in GIPAA.
4.2 Creation of new DLMs
In normal circumstances agencies must not create their own DLMs, security classifications or
caveats. Under these Guidelines new Sensitive DLMs may be created by agencies when the
following three conditions are met:
1. there is a specific agency need
2. there is no approved DLM which is appropriate for use, and
3. the new DLM is endorsed by the Information Security Steering Group.
The Information Security Steering Group is made up of members of the Information Security Community of Practice, which is established under the NSW Digital Information Security Policy. This Steering Group approves the creation of new DLMs, and oversees their management. Where new DLMs are approved by the Steering Group, by default the requirements for control, preparation and handling as set out in relation to Sensitive information apply to the new DLMs – subject to any additions or modifications as approved by the Steering Group.
These Guidelines do not prevent agencies, on the basis of internal processes, policies and
procedures, using other agency-specific markers – for example in round brackets after a DLM. This
practice should only be used in conjunction with approved DLMs and/or security classifications.
4.3 Control and handling of DLM information
These Guidelines set out minimum control and handling requirements for DLMs, and additional
guidance is provided by the PSPF in Information security management guidelines – Protectively
marking and handling sensitive and security classified information.
Where there is potential ambiguity in interpreting the control or handling requirements in these
Guidelines, refer to principles outlined in the NSW Digital Information Security Policy, in particular
the need to take a risk-based approach.
Situations may arise where there are differences between the requirements for control and/or
handling in these Guidelines and what is set out in the PSPF (as updated from time to time).
Appendix F addresses specific scenarios where control and handling requirements under these
Guidelines intersect with the PSPF.
4.4 FOUO – Sensitive – Sensitive: Personal – Sensitive: Legal

4.4.1 Preparation and handling
Marking
- centre of top and bottom of each page
- markings should be in bold text and a minimum of 5mm high (preferably red stamp)
- the label on a file cover or container must be at least equal to the label on the most sensitive item in the file or container
- paragraph markings, where adopted, should appear in a consistent position such as at the end of each paragraph (refer to the PSPF for guidance on applying paragraph markings), and
- electronic and other documents should include their sensitivity label in their metadata as appropriate.
Numbering
- page and/or paragraph numbering is desirable.
Filing and media labels
- front and back file covers and media labels to be marked Sensitive in large letters and
- an agency may reserve specific colours for file covers and media labels covering Sensitive items.
Disclosure/access
- need to know, and
- only in accordance with legislative and administrative requirements.
4.4.2 Removal and auditing
Removal of documents or files
- basis of real need, e.g. a meeting
- removal must be authorised by a supervisor (or equivalent) who should be satisfied that the removing officer is aware of the potential risks involved and that he or she is responsible for its safe custody at all times, and
- ensure adequate custodial arrangements, including overnight storage.
Audits
- determined on the basis of agency requirements.
4.4.3 Copying, storage and disposal
Copying
- may be prohibited by originator, and
- to be kept to a minimum in keeping with operational requirements.
Physical safe-keeping – minimum standards
- ‘clear desk’ policy
- hard copy and any form of unencrypted removable electronic media must be held in a commercial-grade locked container or a secure area, and
- servers and associated devices processing or storing Sensitive data must be sited in appropriately secure facilities – the Commonwealth Information Security Manual (ISM) provides a guide.
Electronic storage
Agencies should conduct a risk assessment to determine whether sensitive information should be
encrypted when stored in any laptop or on a removable PC hard drive or storage device. If
encryption is used, it must be performed using a method approved by the agency security plan.
Disposal
Transfer in accordance with the State Records Act 1998 (NSW); or if not required, then records destruction should be authorised under current retention and disposal authorities and be carried out after minimum retention periods have been met:
- paper items only: destroy by appropriate method or contract approved in the agency security plan; or
- for all other media: consult the information security officer and ensure appropriate deletion, destruction or sanitisation processes are used.
Records should be destroyed in ways that ensure that they cannot be recovered or reconstituted.
Destruction should be documented and contractors used for destruction should provide
certificates of destruction.
Records required as State archives in current retention and disposal authorities should be
transferred to State Records NSW as appropriate.
Note: State records in any form may only be disposed of in accordance with Part 3 of the State
Records Act 1998 (NSW), PPIPA and HRIPA.
4.4.4 Manual transmission
Within a single physical location
A single sealed opaque envelope that indicates the DLM, delivered by the agency’s internal mail system.
May be passed, uncovered, by hand within a secure area provided it is transferred directly between people with the need to know and there is no opportunity for any unauthorised person to view the information.
Transfer between establishments
Single sealed opaque envelope that does not indicate the sensitivity of the information; receipt at discretion of the originator AND one of the following:
- passed by hand between people who have the need to know
- delivered securely by an overnight courier that is endorsed in line with the agency security plan, or
- delivered by Australia Post, State Mail Service or a DX service.
4.4.5 Electronic transmission
Telephone, VoIP, facsimile and video conference equipment
Information may be passed unencrypted over an agency’s private communications system
provided it is contained within a single site and uses only wire line or fibre optic bearers (that is,
with no microwave, cellular telephone, wireless LAN or similar radio frequency links).
If transmission is regular or frequent, agencies should conduct a risk assessment to determine
whether encryption is appropriate for communications between sites or within sites using other
than wire line or fibre optic transmission.
Data transmissions and email
- infrequent transmissions may be made without special controls, and
- agencies should consider encryption based on a risk assessment; suitable email encryption products may be found, for example, on the Australian Signals Directorate’s (ASD’s) Evaluated Products List (EPL).
Computer networks
- should only be connected to public networks (including the internet) using appropriate network connection control and / or routing control, on the basis of a risk assessment.
4.5 Sensitive: NSW Government
The Sensitive: NSW Government protective marking is used when the compromise of the
information could cause damage to the NSW Government, commercial entities or members of the
public. For instance, where compromise could:
- endanger individuals and/or private entities
- work substantially against state or national finances or economic and commercial interests
- substantially undermine the financial viability of major organisations
- impede the investigation or facilitate the commission of serious crime, or
- seriously impede the development or operation of major government policies.
Information that was previously labelled as PROTECTED under the NSW labelling system may
translate to the DLM Sensitive: NSW Government.
Sensitive: NSW Government may also be abbreviated to Sensitive: NSW Govt.
Note: All control and handling requirements for Sensitive information apply to Sensitive: NSW
Government information – with the following additions and modifications.
4.5.1 Removal and auditing
Removal of documents or files
- must be in personal custody of individual and when not in use kept in a locked container, and
- removal must be authorised by a manager (or equivalent) responsible for the business unit that is custodian of the information.
Audits
- it is good security practice to establish a program of spot checks of information at this level.
4.5.2 Copying, storage and disposal
Disposal
Transfer in accordance with the State Records Act 1998 (NSW); or if not required, then records destruction should be authorised under current retention and disposal authorities and be carried out after minimum retention periods have been met:
- paper items only: destroy by shredding
- electronic media and equipment: must undergo sanitisation (the Commonwealth ISM provides a guide), and
- if ‘Accountable Material’: under supervision of two officers who must supervise the removal of the material to the point of destruction, ensure that destruction is complete and sign a certificate of destruction.
Records should be destroyed in ways that ensure that they cannot be recovered or reconstituted.
Destruction should be documented and contractors used for destruction should provide
certificates of destruction.
Records required as State archives in current retention and disposal authorities should be
transferred to State Records NSW as appropriate.
Note: State records in any form may only be disposed of in accordance with Part 3 of the State
Records Act 1998 (NSW), PPIPA and HRIPA.
4.5.3 Manual transmission
Within a single physical location
Single sealed opaque envelope that indicates the DLM; receipt at the discretion of the originator AND:
- passed by hand between people who have the need to know, or
- placed in a locked container and delivered direct, by hand, by an authorised messenger.
May be passed, uncovered, by hand within a discrete office environment provided it is transferred
directly between members of staff with the need to know and there is no opportunity for any
unauthorised person to view the information.
Transfer between establishments
- single sealed opaque envelope that does not give any indication of the classification AND placed in a locked container and delivered direct, by hand, by an authorised messenger AND receipt required, or
- double, sealed envelope AND receipt required AND delivered securely by an overnight courier that is endorsed in line with the agency security plan using the safe hand level of service.
Where personal or health information is being transferred, it is also necessary to comply with the
requirements of PPIPA and HRIPA respectively.
4.5.4 Electronic transmission
Telephone, fax and video conference equipment
Information may be passed in clear over an agency’s private communications system contained
within a single site, using wire line or fibre optic bearers having a low probability of interception or
where Sensitive: NSW Government traffic is unpredictable and infrequent.
Between or within sites using other than wire line or fibre optic bearers, unless there is a low
probability of interception and Sensitive: NSW Government traffic is unpredictable and
infrequent, information must be encrypted, for example, by using products from ASD’s EPL.
Data transmissions and email
Unpredictable and infrequent Sensitive: NSW Government transmissions may be made without
special controls. Otherwise agencies should consider the use of appropriate encryption products,
for example, products from ASD’s EPL.
4.6 Sensitive: NSW Cabinet
This DLM may be applied to sensitive NSW Cabinet documents, including:
any document including but not limited to business lists, minutes, submissions,
memoranda and matters without submission that are or have been submitted or proposed
to be submitted to the NSW Cabinet
official records of the NSW Cabinet, or
any other information that would reveal:
- the deliberations or decisions of the NSW Cabinet, or
- matters submitted, or proposed to be submitted to the NSW Cabinet.
Premier’s memorandum M2006-08 Maintaining Confidentiality of Cabinet Documents and Other
Cabinet Conventions describes the practice and convention of the confidentiality of NSW Cabinet
documents.
Sensitive: NSW Cabinet may be applied to NSW Cabinet documents and draft NSW Cabinet
documents, and they must be stored securely, and access should only be on a need to know basis.
Cabinet Conventions: NSW Practice details the importance of maintaining Cabinet confidentiality,
and the protections outlined therein continue to apply. Any Cabinet documents relating to
national security are to be classified accordingly. The Ministerial Handbook outlines handling
procedures for documents provided to NSW Cabinet.
To the extent of any inconsistency between these Guidelines, and guidance, policy or processes
issued by the NSW Department of Premier and Cabinet regarding the control or handling of
Sensitive: NSW Cabinet information, the latter prevail.
Note: In addition to the above, all control and handling requirements for Sensitive: NSW
Government information apply to Sensitive: NSW Cabinet, with the following additions and
modifications.
4.6.1 Copying, storage and disposal
Copying
Copying Sensitive: NSW Cabinet documents is always prohibited.
4.7 Sensitive: Cabinet
This DLM is for Commonwealth Cabinet information – refer to the PSPF for requirements
regarding the application of this DLM, and in relation to control and handling.
Any use of this DLM is to be accompanied by a security classification of at least PROTECTED.
5 Applying security classifications
5.1 Control and handling of classified information
Refer to the PSPF for relevant requirements relating to the control and handling of security
classified information.
5.2 PROTECTED
The PROTECTED security classification is used when the compromise of the information could
cause damage to the Australian Government, commercial entities or members of the public. For
instance, where compromise could:
endanger individuals and private entities – the compromise of information could lead to
serious harm or potentially life threatening injury to an individual
work substantially against state or national finances or economic and commercial interests
substantially undermine the financial viability of major organisations
impede the investigation or facilitate the commission of serious crime, or
seriously impede the development or operation of major government policies.
For relevant control and handling requirements for PROTECTED information, agencies are directed
to the PSPF and Information security management guidelines – Protectively marking and handling
sensitive and security classified information.
Personnel who access information that is classified at a level of PROTECTED or above should be
security-vetted.
Note: Information that was labelled as PROTECTED under the previous NSW system may not
translate to the Commonwealth definition of PROTECTED. The DLM Sensitive: NSW Government
may be more appropriate for NSW agencies to deal with sensitive information they hold.
5.3 CONFIDENTIAL
The CONFIDENTIAL security classification should be used when compromise of information could
cause damage to national security. For instance, where compromise could:
endanger small groups of individuals – the compromise of information could lead to
serious harm or potentially life threatening injuries to a small group of individuals
damage diplomatic relations – in other words, cause formal protest or other sanction
damage the operational effectiveness or security of Australian or allied forces
damage the effectiveness of valuable security or intelligence operations
disrupt significant national infrastructure, or
damage the internal stability of Australia or other countries.
For relevant control and handling requirements for CONFIDENTIAL information, agencies are
directed to the PSPF and Information security management guidelines – Protectively marking and
handling sensitive and security classified information.
5.4 SECRET
The SECRET security classification should be used when compromise of information could cause
serious damage to national security, the Australian Government, nationally important economic
and commercial interests, or threaten life. For instance, where compromise could:
raise international tension
seriously damage relations with other governments
seriously damage the operational effectiveness or security of Australian or allied forces
seriously damage the continuing effectiveness of highly valuable security or intelligence
operations
threaten life directly – the compromise of information could reasonably be expected to
lead to loss of life of an individual or small group
seriously prejudice public order
substantially damage national finances or economic and commercial interests
shut down or substantially disrupt significant national infrastructure, or
seriously damage the internal stability of Australia or other countries.
For relevant control and handling requirements for SECRET information, agencies are directed to
the PSPF and Information security management guidelines – Protectively marking and handling
sensitive and security classified information.
5.5 TOP SECRET
The TOP SECRET security classification requires the highest degree of protection as compromise of
information could cause exceptionally grave damage to national security. For instance, where
compromise could:
threaten directly the internal stability of Australia or other countries
lead directly to widespread loss of life – the compromise of information could reasonably
be expected to lead to the death of a large number of people
cause exceptionally grave damage to the effectiveness or security of Australian or allied
forces
cause exceptionally grave damage to the effectiveness of extremely valuable security or
intelligence operations
cause exceptionally grave damage to relations with other governments, or
cause severe long-term damage to the Australian economy.
Very little information warrants this marking and it should be used with the utmost restraint.
For relevant control and handling requirements for TOP SECRET information, agencies are directed
to the PSPF and Information security management guidelines – Protectively marking and handling
sensitive and security classified information.
6 Applying caveats
6.1 When to use caveats
Certain security classified information, most notably some national security classified information,
may bear a security caveat in addition to a security classification. The caveat is a warning that the
information has special requirements in addition to those indicated by the protective marking.
Caveats are not used with DLMs and caveats are not used on their own without an accompanying
security classification. Caveats should not be used extensively in NSW.
People who need to know will be cleared and briefed about the significance of information bearing
caveats; other people are not to have access to this information.
The following categories of security caveat are used:
codewords
source codewords
Eyes Only
Australian Government Access only
Releasable to
special handling caveats, and
Accountable Material.
Modifications to wording of caveats may take place with the approval of the Information Security
Steering Group.
6.2 Removing caveats
Information bearing agency-specific caveats is to be re-labelled or appropriate procedures agreed
before release or transmission outside of that agency.
The prior agreement of the originating agency – in other words, the agency that originally placed
the caveat on the material – is required to remove a caveat. If the originating agency will not agree
to the removal of the caveat then the information cannot be released. The requirement to obtain
agreement of the originating agency to release the material cannot be the subject of a policy
exception under any circumstances.
6.3 Codewords
A codeword is a word indicating that the information it covers is in a special need to know
compartment.
It is often necessary to take precautions beyond those normally indicated by the security
classification to protect this information. These precautions will be specified by the organisation
that owns the information – for instance, those with a need to access the information will be given
a special briefing first.
The codeword is chosen so that its ordinary meaning is unrelated to the subject of the
information.
6.4 Source codewords
A source codeword is a word or set of letters used to identify the source of certain information
without revealing it to those who do not have a need to know.
6.5 Eyes Only
The Eyes Only (EO) marking indicates that access to information is restricted to certain groups or
jurisdictions, or nationalities in the case of national information, for instance:
AUSTEO means Australian Eyes Only
AUST/US EO means Australian and US Eyes Only, and
NSWEO means New South Wales Government Eyes Only.
Any information marked Eyes Only cannot be passed to or accessed by those who are not listed in
the marking. More information on Eyes Only is outlined in the PSPF.
6.6 Australian Government Access Only (AGAO)
In limited circumstances AGAO is used by the Department of Defence and the Australian Secret
Intelligence Organisation (ASIO). It means these agencies may pass information marked with the
AGAO caveat to appropriately cleared representatives of foreign governments on exchange or
long-term posting or attachment to the Australian Government.
6.7 Releasable to
The caveat RELEASABLE TO identifies information that has been released or is releasable to the
indicated foreign countries only – for example, REL GBR,NZL means that the information may be
passed to the United Kingdom and New Zealand only.
RELEASABLE TO markings are to employ the appropriate two letter country codes from the SAI
Global - ISO 3166-1 Alpha 3 Codes for the representation of names of countries and their
subdivisions.
6.8 Special handling caveats
A special-handling caveat is a collection of various indicators such as operation codewords,
instructions to use particular communications channels and EXCLUSIVE FOR (named person). This
caveat is usually used only within particular need to know compartments.
There are special requirements for some caveat or codeword information. These are determined
by the controlling agency and provided on a need to know basis.
6.9 Accountable Material
If strict control over access to, and movement of, particularly sensitive information is required,
originators can make this information Accountable Material. What constitutes Accountable
Material will vary from agency to agency, but could include Budget papers, tender documents and
sensitive ministerial briefing documents.
Accountable Material is subject to the following conditions:
the caveat ‘Accountable Material’ can be in bold print on the front cover of the material –
not necessary for Cabinet documents, TOP SECRET information or codeword material
it is to carry a reference and individual copy number – agencies could also consider making
each page accountable by numbering (for example, page 3 of 10), and placing the
document copy number on each page
it is to carry a warning such as: not to be copied without the prior approval of the
originator
it is only to be passed by hand or safe hand – if it is passed to another person, a receipt is
to be obtained, and
a central register is to be maintained of all persons having access to each accountable
document – this central register is separate from the movement record which forms part
of the document or file.
APPENDIX A – Suggested mapping
Suggested protective markings under these Guidelines
Business impact level | Previous NSW label | Dissemination Limiting Marker (DLM) | Security classification
DLMs and security classifications are listed in order of most to least likely.
No impact | – | – | UNCLASSIFIED
Low to Medium | PERSONNEL-IN-CONFIDENCE | Sensitive: Personal; Sensitive: NSW Government; For Official Use Only (FOUO) | UNCLASSIFIED
Low to Medium | COMMERCIAL-IN-CONFIDENCE | For Official Use Only (FOUO); Sensitive: NSW Government | UNCLASSIFIED
Low to Medium | CLIENT-IN-CONFIDENCE | Sensitive: Legal; Sensitive: NSW Government; For Official Use Only (FOUO) | UNCLASSIFIED
Low to Medium | SECURITY-IN-CONFIDENCE | Sensitive: NSW Government; For Official Use Only (FOUO) | UNCLASSIFIED
Low to Medium | STAFF-IN-CONFIDENCE | Sensitive: Personal; Sensitive: NSW Government; For Official Use Only (FOUO) | UNCLASSIFIED
High | CABINET-IN-CONFIDENCE | Sensitive: NSW Cabinet | UNCLASSIFIED
High | PROTECTED | Sensitive: NSW Government | UNCLASSIFIED; PROTECTED
High or Very high | HIGHLY PROTECTED | Sensitive: NSW Government | UNCLASSIFIED; PROTECTED; CONFIDENTIAL; SECRET
Extreme | – | – | SECRET
Catastrophic | – | – | TOP SECRET
APPENDIX B – Transition guidance
B1. A consistent approach
NSW Government is committed to the adoption of best practice for information security as
outlined in the NSW Digital Information Security Policy. The NSW system is closely aligned with the
Commonwealth system, which has already been in use in some NSW Government agencies.
Agencies are to adopt practices for labelling and handling sensitive information in accordance with
these Guidelines by 1 January 2014, as they introduce consistent information security processes.
Labelling sensitive information is an essential part of information security and the international
standard AS/NZS ISO/IEC 27001:2005 Information technology – Security techniques – Information
security management systems – Requirements.
Adopting a consistent approach will give agencies confidence that when they distribute sensitive
information to other agencies it will be properly safeguarded.
B2. Key points for transition
Agencies are to adopt practices for labelling and handling sensitive information in accordance
with these Guidelines by 1 January 2014.
These Guidelines are consistent with GIPAA, PPIPA, HRIPA and the State Records Act 1998
(NSW).
Agencies holding Commonwealth classified information are to continue to handle that
information in accordance with the Commonwealth PSPF.
Agencies are not to create their own labelling schemes beyond what is outlined in these
Guidelines, but they may adopt more stringent handling procedures, potentially based on PSPF
requirements, if they consider it appropriate.
Agencies are not expected to review all their existing information holdings and label or re-label
them.
Most documents labelled under the previous NSW system can retain their existing labels,
providing staff are aware of the appropriate handling requirements.
B3. Frequently asked questions
1. What do we have to do by 1 January 2014?
From 1 January 2014:
All sensitive or classified materials must be handled according to the new system, and
Newly created sensitive or classified materials must be labelled and/or classified according
to the new system.
2. Do we have to review and re-label all our existing information holdings?
No.
Agencies should consider the nature of the information they handle and take a risk-based
approach to the application of new protective markings.
Appendix A provides a table mapping the most common existing labels to the new system for
classifying and labelling sensitive information. Using this table or incorporating it into agency
procedures can assist staff to handle older documents appropriately, without the need for re-labelling.
3. What if our legacy materials are labelled with protective markings that are not supported in
the new system?
Agencies should make a risk-based decision about re-labelling according to their own systems and
resources. For example:
a specific group of legacy materials, information within a particular filing system or
database may be progressively re-labelled, according to agency guidelines / timelines
information could be reviewed and/or re-labelled only if it is requested or retrieved from a
storage area, or
materials may not be re-labelled; agency guidelines and training can enable staff to handle
materials appropriately (e.g. using the mapping table in Appendix A).
4. In which kinds of situations might review or re-labelling be required?
If an agency has previously applied labels and the same word is used for a DLM or security
classification in the new system (but with a different meaning), and there is potential for lack of
clarity or confusion, then re-labelling may be required subject to business needs.
In this scenario it is important to ensure that the content of the material matches the definitions in
the new system.
5. What happens to material labelled as “Protected” under the previous NSW system?
The previous NSW system had a category of “Protected”. Some of this material may not match the
current definition for the security classification of PROTECTED.
Agencies should consider the way they have applied this label in the past and whether information
content is likely to be considered PROTECTED under the new system. If so, the current labels can
be maintained. Agencies should ensure appropriate handling procedures are in place.
If the material does not warrant security classification, consider whether the material can be
mapped to the DLM Sensitive: NSW Government. This may require some form of re-labelling.
It is important that any material bearing the security classification PROTECTED should be handled
according to these Guidelines and relevant parts of the PSPF as appropriate.
6. Material that does not have a label – is it UNCLASSIFIED or FOUO or “Public”?
Newly created or unlabelled material is, by default, UNCLASSIFIED and should be stored and
handled according to NSW State Records standards and guidance and other NSW legislative and
regulatory requirements as appropriate.
This information may remain unlabelled, or it may be marked UNCLASSIFIED if required by agency
policy.
If it is determined the material contains sensitive information, use these Guidelines to identify the
appropriate protective marking.
“Public” is not an approved DLM. Agencies should consider whether UNCLASSIFIED material can be
proactively released under GIPAA.
7. Can agencies create DLMs to suit their specific needs?
No. Agencies must not create their own DLMs.
New Sensitive DLMs may be created by agencies when the following three conditions are met:
1. there is a specific agency need
2. there is no approved DLM which is appropriate for use, and
3. the new DLM is endorsed by the Information Security Steering Group.
Appendix A provides a table mapping the most common previous labels to the new system for
classifying and labelling sensitive information.
8. Can agencies create security classifications or caveats to suit their specific needs?
No. Agencies must use only approved security classifications and caveats, strictly in accordance
with these Guidelines and the relevant parts of the PSPF as appropriate.
APPENDIX C – Protective markings in use in NSW
PROTECTIVE MARKING (DLM) | PROTECTIVE MARKING (SECURITY CLASSIFICATION) | DESCRIPTION
– | UNCLASSIFIED (1) | Information not requiring security classification.
For Official Use Only (FOUO) | – | May only be used on UNCLASSIFIED information, when its compromise may cause limited damage to national security, Australian Government agencies, commercial entities or members of the public.
Sensitive | – | For information where the secrecy provisions of enactments may apply and/or the disclosure of the information may be limited or prohibited under legislation.
Sensitive: Personal | – | May be used for information that is sensitive personal information (aligned with the definition of ‘sensitive information’ in the Privacy Act 1988 (Commonwealth)) (2).
Sensitive: Legal | – | May be used for any information that may be subject to legal professional privilege.
Sensitive: NSW Government | – | Compromise of the information could cause damage to the NSW Government, NSW Government agencies, commercial entities or members of the public.
Sensitive: NSW Cabinet | – | May be used for sensitive NSW Cabinet documents.
Sensitive: Cabinet | PROTECTED | May be used for sensitive Commonwealth Cabinet documents.
– | PROTECTED | Compromise of the information could cause damage to the Australian Government, commercial entities or members of the public. May be used with a caveat.
– | CONFIDENTIAL | Compromise of the information could cause damage to national security. May be used with a caveat.
– | SECRET | Compromise of the information could cause serious damage to national security, the Australian Government, nationally important economic and commercial interests, or threaten life. May be used with a caveat.
– | TOP SECRET | Compromise of the information could cause exceptionally grave damage to national security. May be used with a caveat.
Interpretation
‘Australian Government’ does not refer to the NSW State Government, nor other State or Territory governments.
This table does not list caveats, which may be used in conjunction with security classifications – in accordance
with these Guidelines and the PSPF.
(1) UNCLASSIFIED is not a protective marking; it is used by convention to describe official information that is not
expected to cause harm and does not require a security classification. This information may remain unmarked,
however, it may be marked UNCLASSIFIED if required.
(2) This DLM references Commonwealth legislation, but additional DLMs referencing equivalent NSW legislation may be
created if there is a need, with agreement from the Steering Group, and pursuant to these Guidelines. Sensitive
information can include:
a) information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a
political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or
trade association, membership of a trade union, sexual orientation or practices, or criminal record;
b) personal information;
c) health information about an individual;
d) genetic information about an individual that is not otherwise health information;
e) biometric information that is to be used for the purpose of automated biometric verification or biometric
identification; or
f) biometric templates.
APPENDIX D – Business Impact Levels
1 (LOW)
Could be expected to harm government agency operations, commercial entities or members of the public by:
- causing a degradation in organisational capability to an extent and duration that, while the agency can perform its primary functions, the effectiveness of the functions is noticeably reduced
- resulting in minor damage to agency assets
- resulting in minor financial loss
- minor harm to individuals – not resulting in physical injury such as minor breach of privacy or financial loss
- undermining the financial viability of a minor Australia-based or Australian-owned organisation.
2 (MEDIUM)
Could be expected to cause limited damage to national security, government agency operations, commercial entities or members of the public by:
- causing a significant degradation in organisational capability to an extent and duration that, while the agency can perform its primary functions—including national security type functions—the effectiveness of the functions is significantly reduced
- resulting in significant harm to agency assets
- resulting in significant financial loss
- limited harm to individuals – could cause harm to individuals including injuries that are not serious or life threatening
- causing damage to the operational effectiveness or security of Australian or allied forces—e.g. compromise of a logistics system causing re-supply problems without causing risk to life
- causing embarrassment to diplomatic relations
- disadvantaging a major Australian company
- hindering the detection, impeding the investigation, or facilitating the commission of low-level crime—i.e. crime not defined in legislation as serious crime—or hindering the detection of serious crime
- resulting in loss to Australian Government / public sector of $10 million, up to $100 million
- undermining the financial viability of a major Australia-based or Australian-owned organisation, or
- resulting in minor loss of confidence in government.
3 (HIGH), e.g. PROTECTED LEVEL
Could be expected to damage government agency operations, commercial entities or members of the public by:
- causing a severe degradation in or loss of organisational capability to an extent and duration that the agency cannot perform one or more of its primary functions
- resulting in major harm to agency assets
- resulting in major financial loss
- endanger individuals – the compromise of information could lead to serious harm or potentially life threatening injury to an individual
- disadvantaging a number of major Australian companies
- impeding the investigation of, or facilitating the commission of, serious crime—as defined in legislation
- resulting in short-term material damage to national finances or economic interests—to an estimated total of $100 million to $10 billion
- causing material damage to international trade or commerce, directly and noticeably reducing economic growth in Australia, or
- resulting in a major loss of confidence in government.
4 (VERY HIGH), e.g. CONFIDENTIAL LEVEL
Could be expected to damage national security by:
- causing a severe degradation in or loss of organisational capability to an extent and duration that the agency cannot perform one or more of its national security functions
- resulting in major harm to agency national security assets
- endanger small groups of individuals – the compromise of information could lead to serious harm or potentially life threatening injuries to a small group of individuals
- resulting in severe damage to the operational effectiveness or security of Australian or allied forces—e.g. compromise of the operational plans of units of company size or below in a theatre of military operations
- materially damaging diplomatic relations—e.g. cause formal protest or other sanctions
- disadvantaging Australia in international negotiations—e.g. advance compromise of Australian negotiation strategy or acceptable outcomes, in the context of a bilateral trade dispute
- causing damage to Australian or allied intelligence capability, or
- causing major, long-term impairment to the ability to investigate serious crime—as defined in legislation.
5 (EXTREME), e.g. SECRET LEVEL
Could be expected to seriously damage national security, government agency operations, commercial entities or members of the public by:
- causing a severe degradation in or loss of organisational capability to an extent and duration that the agency cannot perform any of its national security functions
- threaten life directly – the compromise of information could lead to loss of life of an individual or small group
- threatening directly the internal political stability of Australia or friendly countries
- causing exceptionally grave damage to the operational effectiveness or security of Australian or allied forces—e.g. compromise of the operational plans of units of battalion size or above in a theatre of military operations
- raising international tension, or seriously damaging relations with friendly governments
- severely disadvantaging Australia in international negotiations—e.g. advance compromise of Australian negotiation strategy or acceptable outcomes, in the context of a major WTO negotiating round
- causing severe damage to Australian or allied intelligence capability
- causing major, long-term impairment to the ability to investigate serious organised crime—as defined in legislation
- causing major, long-term damage to the Australian economy—to an estimated total in excess of $20 billion
- causing major, long-term damage to global trade or commerce, leading to prolonged recession or hyperinflation in Australia, or
- threatening directly the internal stability of Australia or friendly countries leading to widespread instability.
6 (CATASTROPHIC), e.g. TOP SECRET LEVEL
Could be expected to cause exceptionally grave damage to national security by:
- resulting in the collapse of internal political stability of Australia or friendly countries
- leading directly to widespread loss of life – the compromise of information could lead to the death of a large number of people
- directly provoking international conflict, or
- causing exceptionally grave damage to relations with friendly governments.
APPENDIX E – Classification and labelling content examples
DLMs
FOUO
- A tender response.
- Private citizen submission to an agency outlining opposition to a new business opening in the community.
Sensitive
- Information which may not be disclosed due to a legal sanction.
Sensitive: Personal
- Employee file including information regarding health status.
Sensitive: Legal
- Legal advice provided to the agency.
- Document outlining agency legal concerns provided to legal advisers.
- Notes of a meeting to advise of a response to a threat of legal action against the agency.
Sensitive: NSW Government
- Internal brief reflecting on interests of a group of community members, provided to government in confidence.
- Police report regarding a low level investigation.
Sensitive: NSW Cabinet
- Business lists, minutes, submissions or memoranda that have been or are proposed to be submitted to the NSW Cabinet.
Sensitive: Cabinet
- Business lists, minutes, submissions or memoranda that have been or are proposed to be submitted to the Commonwealth Cabinet.
Security classifications
UNCLASSIFIED
- Official information not needing security classification.
PROTECTED
- Commonwealth brief relating to negotiations with States on funding.
CONFIDENTIAL
- Commonwealth report on emerging security threats to Australia.
SECRET
- Background information on a new military purchase for the Australian Defence Force.
TOP SECRET
- Highly sensitive, strategic report on covert deployment of a new military capability.
APPENDIX F – Aligning control and handling requirements
Situations may arise where there are differences between the requirements for control and/or handling in
these Guidelines and what is set out in the PSPF (as updated from time to time).
This table provides courses of action for specific scenarios.
Scenario: Information has a DLM and a security classification; which control and/or handling requirements apply?
Course of action: The requirements in the PSPF regarding the relevant security classification take precedence to the extent of any inconsistency.
Scenario: The document has a DLM, and there is an inconsistency between a mandatory control and/or handling requirement in these Guidelines and the PSPF, and the document was created by the NSW Government and/or primarily relates to the operation of the NSW Government. Which requirement applies?
Course of action: The requirements in these Guidelines take precedence to the extent of any inconsistency.
Scenario: The document has a DLM, and there is an inconsistency between a mandatory control and/or handling requirement in these Guidelines and the PSPF, and the document was created by the Commonwealth and/or primarily relates to the operation of the Commonwealth. Which requirement applies?
Course of action: The requirements in the PSPF take precedence to the extent of any inconsistency.
Scenario: The PSPF is silent on an aspect of control and/or handling, but these Guidelines have specific requirements; do the requirements in these Guidelines have to be met?
Course of action: These Guidelines take precedence in relation to that aspect of control and/or handling and have to be met.
Scenario: The PSPF has a recommendation (e.g. using ‘can’ or ‘should’) regarding an aspect of control and/or handling, but the Guidelines have a mandatory requirement in relation to that same aspect; which takes precedence?
Course of action: If the document was created by the NSW Government and/or primarily relates to the operation of the NSW Government, the mandatory requirement in these Guidelines takes precedence. Otherwise, the PSPF recommendation takes precedence.
APPENDIX G – Resources
Further to the key documents listed in section 2.6, the following table provides a list of other resources
which may influence information security classification and labelling procedures.
Issuer: Commonwealth
Document name: Australian Government Protective Security Policy Framework (PSPF) – documents map

Issuer: Commonwealth
Reference: As updated (version 1.0, 18 July 2011)
Document name: Information security management guidelines – Australian Government security classification system

Issuer: Commonwealth
Reference: As updated (version 1.0, 21 June 2011)
Document name: Protectively marking and handling sensitive and security classified information

Issuer: Commonwealth
Reference: As updated (version 1.5, 6 June 2010)
Document name: Australian Government Protective Security Policy Framework – Securing Government business

Issuer: Commonwealth
Reference: As updated (version 1.0, 21 June 2011)
Document name: Protective Security Governance Guidelines – Business Impact Levels

Issuer: Commonwealth
Reference: Current version, as updated
Document name: Physical security management guidelines

Issuer: Commonwealth
Reference: 2012 (as updated)
Document name: Information Security Manual

Issuer: Commonwealth
Reference: Current version in effect, as amended
Document name: Privacy Act 1988 (Commonwealth)

Issuer: NSW Government
Reference: Current version in effect, as amended
Document name: NSW Digital Information Security Policy

Issuer: NSW Government
Reference: Current version in effect, as amended
Document name: Health Records and Information Privacy Act 2002 (NSW)

Issuer: NSW Government
Reference: Current version in effect, as amended
Document name: Privacy and Personal Information Protection Act 1998 (NSW) (PPIPA)

Issuer: NSW Government
Reference: Current version in effect, as amended
Document name: Government Information (Public Access) Act 2009 (NSW) (GIPAA)

Issuer: NSW Government
Reference: Current version in effect, as amended
Document name: State Records Act 1998 (NSW)

Issuer: NSW Government
Reference: Current version in effect, as amended
Document name: Court Information Act 2010 (NSW)

Issuer: NSW Department of Finance and Services
Reference: Version 1.2, 30 June 2011
Document name: NSW Guide to Labelling Sensitive Information 2011 (previous system in NSW)

Issuer: NSW Department of Finance and Services
Document name: NSW Government ICT Strategy

Issuer: NSW Department of Premier and Cabinet
Document name: Cabinet Conventions: NSW Practice

Issuer: NSW Department of Premier and Cabinet
Reference: 7 June 2006
Document name: M2006-08 Maintaining Confidentiality of Cabinet Documents and Other Cabinet Conventions

Issuer: NSW Department of Premier and Cabinet
Reference: 30 July 2007
Document name: M2007-13 Release of NSW Government Security Sensitive Information to Third Parties

Issuer: NSW Department of Premier and Cabinet
Reference: 30 September 2008
Document name: M2008-17 NSW Policy and Guidelines for Protecting National Security Information

Issuer: NSW Department of Premier and Cabinet
Reference: As updated (June 2011)
Document name: Ministerial Handbook
APPENDIX H – Glossary
The following glossary provides definitions for terms that are not otherwise explained in the text of the
Guidelines.
Accountable Material
In these Guidelines the term Accountable Material means particularly
sensitive information requiring strict access and movement control.
Such items are recorded in a central register in each holding
organisation.
Clear desk policy
The term Clear desk policy means that items with a protective marking
must be secured when unattended and their content always
unobservable to people without the Need to know.
Commonwealth
Refers to the Australian Government, and includes Australian
Government agencies.
Damage
Damage referred to in these Guidelines may be financial, commercial
or reputational damage to any NSW Government agency, the NSW
Government, the Australian Government, or an Australian Government
agency.
Infrequent
The term Infrequent means no more than one transmission per month
within or from a site.
National security information
Official information whose compromise could affect the security of the
nation.
National security information could include information about security
threats from espionage, sabotage, politically motivated violence,
promotion of communal violence, attacks on Australia’s defence, acts
of foreign interference or serious organised crime, as well as the
protection of Australia’s borders.
Need to know
The term Need to know means that access to information should be
limited to those that need to know or use it. It is applied at the level of
specific individuals and applies to all types of sensitive information.
Agencies should take all reasonable and appropriate precautions to
ensure that only people with a proven need to know gain access to
sensitive and security classified information.
People are not entitled to access information merely because it would
be convenient for them to know or because of their status, position,
rank or level of authorised access.
Safe hand
Carriage of protectively marked information by Safe hand means it is
despatched to the addressee in the care of an authorised officer or
succession of authorised officers who are responsible for its carriage
and safekeeping (see the PSPF for guidance).
Secure area
The term Secure area means a work area to which physical access is
controlled and all visitors, whether working for the agency or not, are
escorted.
An office area may be a secure area.
Central register
A central record is to be maintained of all persons having access to any
information marked TOP SECRET or Accountable Material.
This register is separate from any movement record which forms part
of the document or file (see the PSPF for guidance).
UNCLASSIFIED
Official information that is not expected to cause harm and does not
require a security classification; it may be unlabelled or it may be
marked UNCLASSIFIED.
UNCLASSIFIED is not a protective marking or a security classification.
This type of information represents the bulk of official information.