Te Whakamarumarutanga Security

Protective Security Requirements (PSR)

System lead: New Zealand Security Intelligence Service (NZSIS)

New Zealand Government Protective Security Requirements (PSR) outlines the Government’s expectations for managing personnel, information and physical security

Published guidance:

• Raising security awareness of potential threats to your organisation
  • PSR-due-diligence-assessments.pdf (protectivesecurity.govt.nz)
• Consider your security governance
  • Implementing a risk-based approach to protective security | Protective Security Requirements
  • Building security awareness | Protective Security Requirements
  • Supply chain security | Protective Security Requirements
  • Managing business continuity | Protective Security Requirements
• Consider how your personnel may pose security risks
  • PSR-guide-to-personnel-security-for-your-organisation.pdf (protectivesecurity.govt.nz)
• Understand how to manage your information security
  • Information security (INFOSEC) | Protective Security Requirements
• Physical security to protect your people, information and assets
  • Understanding the physical security lifecycle | Protective Security Requirements
  • Taking a risk-based approach to physical security | Protective Security Requirements
    
    

Department of the Prime Minister and Cabinet - Defining National Security

Contact for further advice: psr@protectivesecurity.govt.nz

Requirements and expectations

National Cyber Security Centre (NCSC) - GCSB

System lead: Government Chief Information Security Officer (GCISO). The GCISO role is supported by the National Cyber Security Centre (NCSC)

The National Cyber Security Centre (NCSC) is part of the Government Communications Security Bureau. 

• Its activities are mandated by the Intelligence and Security Act 2017
• NCSC and GCSB functions form part of the 2019 NZ Cyber Security Strategy

Published guidance:

• NZISM - ISM Document (gcsb.govt.nz) - is intended for use by Crown entities and provides both a risk management framework, and a set of essential or baseline controls and additional good and recommended practice
• Supply Chain Cyber Security: In Safe Hands
• Incident Management: Be Resilient, Be Prepared
• Charting Your Course: Cyber Security Governance
• Use of approved secure destruction facilities

Services

The NCSC provides cyber security services to all New Zealanders - from individuals to small and medium businesses and organisations, large enterprises, government, and nationally significant organisations.   

The NCSC also develops services to strengthen New Zealand’s cyber defence capabilities, such as;

• Malware Free Networks (MFN), is a threat detection and disruption service which provides near real-time threat intelligence reflecting current malicious activity targeting NZ organisations.
• Advanced cyber threat detection and disruption (CORTEX) capabilities and services to organisations of national significance

Contact for further advice:

The NCSC responds 24/7 to cyber security incidents of potential national significance. You can report an incident using the contact information and form on the NCSC website:  

• Report an incident and request support | National Cyber Security Centre 

Requirements and expectations