Cyber security policies
Cyber Security NSW develops and implements cyber security policies for the NSW Government.
NSW Cyber Security Policy
The NSW Cyber Security Policy outlines the mandatory requirements and responsibilities that all NSW Government departments and agencies must adhere to in order to ensure cyber security risks to their information and systems are appropriately managed.
By 31 October each year, all NSW Government agencies are required to submit cyber security reporting to Cyber Security NSW (via their department Chief Cyber Security Officer). Per the template provided by Cyber Security NSW, this reporting must cover:
- maturity reporting against the mandatory requirements of the NSW Cyber Security Policy
- cyber security risks with a residual rating of high or extreme, and a list of the agency’s “crown jewels”
- an attestation on cyber security that is either included in the agency’s annual report or completed and signed off by the respective Agency Head.
Tools and resources
NSW Government agencies can request the following support documents from Cyber Security NSW via info@cyber.nsw.gov.au:
- Cyber Risk Management Toolkit
- Policy Maturity Reporting Template
Cyber security Circulars
Cyber Security NSW assists with the development of Circulars to advise of and/or mandate certain cyber security practices for NSW Government entities and staff, as required.
- DCS-2020-05 Cyber Security NSW directive – Practice Requirements for NSW Government – mandates cyber security responsibilities for all employees, including compulsory annual cyber security training for all NSW public servants (including contractors)
- DCS-2021-02 NSW Cyber Security Policy – requires all NSW Government departments and agencies to implement the NSW Cyber Security Policy, to ensure an integrated approach to preventing and responding to cyber security threats
- DCS-2022-03 Accessing NSW Government digital systems while overseas – mandates staff seeking approval from their department/agency cyber security team if they intend to access their NSW Government ICT accounts while overseas
- 22-39 Release of Cyber Security Guidelines for NSW Local Government – outlines cyber security standards and controls recommended by Cyber Security NSW for NSW local government entities
- DCS-2023-01 Cyber Security NSW Directive - Protecting NSW Government information on government-issued devices – prevents the installation and mandates the removal of existing instances of the TikTok application on government-issued devices.