Cyber security policies

Cyber Security NSW develops and implements cyber security policies for the NSW Government.

NSW Cyber Security Policy

The NSW Cyber Security Policy outlines the Mandatory Requirements to which all NSW Government agencies must adhere to in order to ensure cyber security risks to their information and systems are appropriately managed.

By 31 October each year, Cyber Security NSW must be provided with a report for each agency, either via the portfolio CISO or directly to Cyber Security NSW. Reporting must include:

1. an assurance assessment against all Mandatory Requirements in the NSW Cyber Security Policy for the previous financial year
2. cyber security risks with a residual rating of high or extreme
3. an attestation on cyber security.

NSW Cyber Security Policy (PDF, 584.29 KB)

Cyber Security NSW Circulars

Cyber Security NSW assists with the development of Circulars to advise of and/or mandate certain cyber security practices for NSW Government entities and staff, as required.

• DCS-2021-02 NSW Cyber Security Policy – requires all NSW Government departments and agencies to implement the NSW Cyber Security Policy, to ensure an integrated approach to preventing and responding to cyber security threats
• DCS-2022-03 Accessing NSW Government digital systems while overseas – mandates staff seeking approval from their department/agency cyber security team if they intend to access their NSW Government ICT accounts while overseas
• 22-39 Release of Cyber Security Guidelines for NSW Local Government – outlines cyber security standards and controls recommended by Cyber Security NSW of NSW local government entities
• DCS-2025-01 Cyber Security NSW Directive - Restricted Applications List – restricts access to products, applications and web services from NSW Government-issued devices, or personal devices that are used for government business, that are identified as posing unmanageable foreign ownership, control or influence risks.