Directive on the Security of Government Business

In a diverse and complex threat landscape, it is important that government departments have systems in place to reduce their vulnerabilities. Threats may include violence against staff, criminal damage against departmental property, significant fraud, theft of information and cyber security issues.

Different departments will face different threats – depending on their role, scale and circumstances. For this reason, the Protective Security Requirements are flexible and risk-based.

The Protective Security Requirements are designed to help government departments assess the risks that might confront their organisation’s people, information and assets. It enables departments to implement a security approach that reflects their individual risk environments and business needs. The requirements will evolve as new threats emerge and to keep pace with changing technology.

On 8 December 2014, Cabinet approved the Protective Security Requirements, incorporating the New Zealand Information Security Manual, in place of the Security in the Government Sector and the Protective Security Manual.

Cabinet has directed all public service departments and the New Zealand Defence Force, New Zealand Police, New Zealand Security Intelligence Service and Parliamentary Counsel Office to implement the Protective Security Requirements. These departments are required to provide assurance information upon request from the lead security agencies (Government Communications Security Bureau, New Zealand Security and Intelligence Service, and the Department of the Prime Minister and Cabinet).

Chief Executives are accountable for the implementation of these Protective Security Requirements. A new team within the New Zealand Intelligence Community will support departments to implement the requirements through outreach, resources and training.

The Protective Security Requirements are security best-practice. The wider public sector and the private sector face many of the same threats and are encouraged to implement the Protective Security Requirements in support of New Zealand’s social, economic and security interests. 

The Protective Security Requirements will be closely coordinated with the privacy management in government requirements led by the Government Chief Privacy Officer.

CAB MIN (14) 39/38

Page last modified: 2/10/2018