This wiki is a meta-reference focused on the Australian Government's Information Security Manual (ISM) and Infosec Registered Assessors Program (IRAP).
It is not intended to be a comprehensive guide; links to authoritative sources are provided. The goal is to provide extra supporting info and references to go deeper into the various topics covered by the ISM and IRAP. This comes from the perspective of a long-time technical security and infrastructure architect rather than an auditor.
Contact wiki at shirow dot net with any questions or comments.
The Protective Security Policy Framework (PSPF) helps Australian Government entities to protect their people, information and assets, both at home and overseas. It sets out government protective security policy and supports entities to effectively implement the policy across the following outcomes:
The Protective Security Policy Framework (PSPF) was introduced in 2010 to help Australian Government entities protect their people, information and assets, both at home and overseas.
The PSPF sets out the government’s protective security policy approach and is comprised of 16 core policies. PSPF Policy 11 Robust ICT systems requires that:
https://www.protectivesecurity.gov.au/ (Department of Home Affairs)
Information Security Manual (ISM) (Australian Signals Directorate (ASD) under Department of Defence)
The ISM gets its authority or mandate from the PSPF, particularly Policy 11: Robust ICT systems.
Infosec Registered Assessors Program (IRAP) (Australian Signals Directorate (ASD) under Department of Defence)
An IRAP assessment is mostly conducted against the ISM.
Defence Security Principles Framework (DSPF)
The DSPF aligns Defence with the Commonwealth’s Protective Security Policy Framework (PSPF). Under the PSPF, all agencies must develop their own protective security policies and procedures.