Cyber Security Policy
The policy outlines the requirements that NSW government departments and agencies must adhere to in order to ensure cyber security risks are appropriately managed.
Summary of Your Agency's Reporting Obligations
Department Chief Information Security Officers (CISOs) and/or central department cyber security teams are to coordinate policy reporting across the entirety of their department. In April each year, department CISOs are to provide Cyber Security NSW with an updated list of all agencies in their department and how they will be reporting, in a template provided by Cyber Security NSW.
By 31 October each year, agencies must submit a report to their department CISO, or Cyber Security NSW, in a template provided by Cyber Security NSW, covering the following:
- Maturity reporting against all mandatory requirements in this policy and the Australian Cyber Security Centre (ACSC) Essential Eight for the previous financial year. The reporting template is to be provided by Cyber Security NSW.
- Cyber security risks with a residual rating of high or extreme and a list of the agencies' "crown jewels".
- An attestation on cyber security, which is also to be included in each agency's individual annual report. If your agency does not complete an annual report, an attestation must still be completed and signed off by your Agency Head.
NSW Government agencies can request the Policy Maturity Reporting Template from policy@cyber.nsw.gov.au.
NSW Cyber Security Policy (PDF, 662.51 KB)
Tools and Resources
Some tools and resources have been produced to assist with reporting requirements for the Cyber Security Policy. These documents have been listed below. NSW Government agencies can request these documents from policy@cyber.nsw.gov.au.
If you are a contractor or third party undertaking work on behalf of a NSW Government agency, please ask the entity to contact Cyber Security NSW on your behalf.