Generated Nov 18, 2019, 7:18 PM

DFSI-2019-02-NSW Cyber Security Policy

Identifier: DFSI-2019-02
Status: Active
Title: DFSI-2019-02-NSW Cyber Security Policy
Author:

Department of Finance, Services and Innovation

Type: Department of Finance, Services and Innovation Circular

Description

Introduction of mandatory cyber security requirements for NSW Public Service Agencies to ensure an integrated approach to preventing and responding to cyber security threats.

Detailed Outline

From 1 February 2019, the Digital Information Security Policy will be replaced by the NSW Cyber Security Policy.

All NSW Public Service Agencies must comply with the Policy and it is recommended for adoption in State Owned Corporations, as well as local councils and universities.

New mandatory requirements include:

  • identification of an Agency’s most valuable or operationally vital systems or information (“crown jewels”)
  • implementing regular cyber security education for all employees, contractors and outsourced ICT service providers
  • implementation and provision of a maturity assessment against the Australian Cyber Security Centre (ACSC) ‘Essential 8’ strategies to mitigate cyber security incidents
  • inclusion of requirements for industrial automation and control systems (IACS) / operational technology (OT) and the internet of things (IoT)
  • reporting cyber security incidents to the Government Chief Information Security Officer

The Policy includes a requirement for Agencies to provide a cyber security attestation in their annual reports.

Exemptions to any part of this Policy may be sought by Agency heads and sent to the Government Chief Information Security Officer for consideration, prior to Government Chief Information and Digital Officer approval.

The date of adoption for this Policy and its requirements is 1 February 2019, with reporting for the 2018/19 financial year due on 31 August 2019.

The NSW Government Chief Information Security Officer is available for support and guidance regarding implementation of this Policy.

Contact: cybersecurity@finance.nsw.gov.au

Link: https://www.digital.nsw.gov.au/cybersecuritypolicy

Overview

Who needs to know and/or comply with this?

Executive agencies related to Departments
Departments
Statutory Authorities/Bodies
Separate agencies

AR Details

Date Issued: Feb 1, 2019
Review Date: Feb 1, 2020
Replaces: node/52221
Replaced By:

Contacts

Contact: cybersecurity@finance.nsw.gov.au
Phone: (02) 9372 8877
Publishing Entity: Department of Finance, Services and Innovation
Issuing Entity: Department of Finance, Services and Innovation
Internal Reference (BN18/3020)