The South Australian Cyber Security Framework (SACSF) is a whole of government approach to ensure cyber security is adequately managed in each South Australian Government agency. The SACSF also provides flexibility in the way each agency addresses the policies within it.

The SACSF applies to South Australian Government public sector agencies (agencies), including administrative units, bodies corporate, statutory authorities, and instruments of the Crown as per the Public Sector Act 2009. It also applies to suppliers to the South Australian Government and non-government personnel that provide services to government agencies.

• South Australian Cyber Security Framework  (PDF, 553.6 KB)

The SACSF has a range of supporting guidance and templates to assist South Australian Government agencies with certain elements of the framework.

The individual requirements of agencies will determine how each guideline is used and what actions are needed to manage risks.

• SACSF G1.0 executive guide (PDF, 137.5 KB) (PDF, 137.5 KB)
• SACSF G2.0 Guideline - Suppliers using the SACSF (PDF, 69.4 KB) (PDF, 69.4 KB)
• SACSF G3.0 Guideline - Engaging suppliers and cloud security (PDF, 109.3 KB) (PDF, 109.3 KB)
• SACSF G4.0 Guideline - Cyber security incident reporting (PDF 346 KB) (PDF, 399.4 KB)
• SACSF G5.0 Guideline - ITSA role and responsibilities (PDF, 49.1 KB) (PDF, 49.1 KB)
• SACSF G6.0 Guideline - Integrity and Availability Classification (PDF, 227.5 KB) (PDF, 227.5 KB)
• SACSF G7.0 Guideline - Remote and home-based teleworking (PDF, 283 KB) (PDF, 279.3 KB)
• SACSF G8.0 Guideline - Security risk management (PDF, 282.5 KB)  (PDF, 282.5 KB)
• SACSF G10.0 Guideline - Password Management  (PDF, 291.3 KB) (PDF, 291.3 KB)
• SACSF  G11.0 Guideline - Vulnerability management and patching (PDF, 292.3 KB)

SACSF rulings are specific applications of security policy that must be adhered to by all agencies.

• ISMF Ruling 1 - Security management requirements for critical information and communication technology (PDF, 74.5 KB) (PDF, 74.5 KB) Security management requirements for critical information and communication technology).  This ruling is retired but is available for reference.
• SACSF R2.0 Storage and Processing of Information in Outsourced or Offshore ICT Arrangements (PDF, 184.3 KB) (PDF, 184.3 KB) (under review)