Te Whakamarumarutanga Security

Protective Security Requirements (PSR)

System lead: New Zealand Security Intelligence Service (NZSIS)

New Zealand Government Protective Security Requirements (PSR) outlines the Government’s expectations for managing personnel, information and physical security

Published guidance:

• Raising security awareness of potential threats to your organisation
  • PSR-due-diligence-assessments.pdf (protectivesecurity.govt.nz)
• Consider your security governance
  • Implementing a risk-based approach to protective security | Protective Security Requirements
  • Building security awareness | Protective Security Requirements
  • Supply chain security | Protective Security Requirements
  • Managing business continuity | Protective Security Requirements
• Consider how your personnel may pose security risks
  • PSR-guide-to-personnel-security-for-your-organisation.pdf (protectivesecurity.govt.nz)
• Understand how to manage your information security
  • Information security (INFOSEC) | Protective Security Requirements
• Physical security to protect your people, information and assets
  • Understanding the physical security lifecycle | Protective Security Requirements
  • Taking a risk-based approach to physical security | Protective Security Requirements
    
    

Department of the Prime Minister and Cabinet - Defining National Security

Contact for further advice: psr@protectivesecurity.govt.nz

Requirements and expectations

National Cyber Security Centre (NCSC) - GCSB

System lead: Government Chief Information Security Officer (GCISO). The GCISO role is supported by the National Cyber Security Centre (NCSC)

The National Cyber Security Centre (NCSC) is part of the Government Communications Security Bureau. Its role is to help New Zealand’s most significant public and private sector organisations to protect their information systems from advanced cyber-borne threats. Its focus is on detecting and disrupting cyber threats that are typically beyond the capability of commercially available products and services

• Its activities are mandated by the Intelligence and Security Act 2017
• NCSC and GCSB functions form part of the 2019 NZ Cyber Security Strategy

Published guidance:

• NZISM - ISM Document (gcsb.govt.nz) - is intended for use by Crown entities and provides both a risk management framework, and a set of essential or baseline controls and additional good and recommended practice
• Supply Chain Cyber Security: In Safe Hands
• Incident Management: Be Resilient, Be Prepared
• Charting Your Course: Cyber Security Governance
• Technical approaches to uncovering and remediating malicious activity
• Working from home and cloud security
• Approved cryptographic algorithms and retiring older cryptographic algorithms
• Use of approved secure destruction facilities

Services

The NCSC also develops services to strengthen New Zealand’s cyber defence capabilities, such as;

• Malware Free Networks (MFN), is a threat detection and disruption service which provides near real-time threat intelligence reflecting current malicious activity targeting NZ organisations.
• advanced cyber threat detection and disruption (CORTEX) capabilities and services to organisations of national significance

Contact for further advice:

The National Cyber Security Centre responds to threats to nationally significant organisations and high-impact cyber incidents at national level

• Nationally significant organisations can report a suspected cyber security incident

If you have a suspected cyber security incident and you’re unsure about what to do, contact NCSC

Requirements and expectations