Overview
The South Australian Cyber Security Framework (SACSF) is a government cybersecurity framework developed by Security SA to ensure cyber security is effectively managed across South Australian Government agencies. It provides a risk-based approach for protecting government infrastructure, digital assets, information, and services while allowing agencies flexibility in how they implement security controls to meet their specific operational needs.
The SACSF applies to South Australian public sector agencies defined under the Public Sector Act 2009 and is built around 18 policy statements that support four core principles: Governance, Information Security, Personnel Security, and Physical Security. The framework uses a four-tier implementation model, with each tier introducing progressively stronger security requirements based on the agency's risk exposure, ensuring that controls are proportionate to the level of risk.
The primary purpose of the SACSF is to help agencies identify, manage, and reduce cyber security risks while strengthening operational resilience and security governance. The framework is supported by standards, rulings, guidelines, templates, and implementation resources that address areas such as risk management, incident reporting, vulnerability management, awareness training, email security, and secure technology practices, enabling a consistent and scalable approach to cybersecurity across government.
The following principles are contained in this download: 1 Leadership 2 Organisational Structure and Staff Responsibilities 3 Risk Management 4 Policies, Procedures and Compliance 5 Supplier Management and Acquisition of Technology 6 Audit and Assurance 7 Information Asset Identification and Classification 8 Incident Management 9 Resilience and Service Continuity 10 Access to Information 11 Administrative Access 12 Robust ICT Systems and Operations 13 Vulnerability Management 14 Network Communications 15 Secure Software Development 16 Mobile Device Management & Remote Working 17 Personnel Security Lifecycle 18 Physical Security