NSW Cyber Security Policy (NSW CSP)

By: 6clicks
The policy outlines the mandatory requirements to which all NSW government departments and Public Service agencies must adhere, to ensure cyber security risks to their information and systems are appropriately managed. This policy is designed to be read by Agency Heads and all Executives, Chief Information Officers, Chief Information Security Officers (or equivalent) and Audit and Risk teams.


This download includes the NSW CSP Maturity Assessment requirements only, so there are no mapped questions. Use this download if you want just the provisions and plan to create your own question set.

This policy applies to all NSW government departments and Public Service agencies, including statutory authorities and all NSW government entities that submit an annual report to a Secretary of a lead department or cluster, direct to a Minister, or direct to the Premier. In this policy, references to “lead cluster departments” or “clusters” mean the departments listed.

The NSW CSP Maturity Reporting is an annual assessment of cyber security required to be undertaken by NSW government entities. The requirements are closely aligned with ISO/IEC 27001 and require NSW government entities to have an effective Information Security Management System (ISMS). For the ASD Essential 8 reporting requirements, please refer to our separate ASD Essential 8 assessment.

The NSW CSP Maturity Reporting includes 20 requirements across 4 domains, which are:

  • Planning and Governance
  • Cyber Security Culture
  • Safeguarding Information and Systems
  • Cyber Incident Management

Getting Started

Click "Book a demo" and our team will provide you with an overview of our content library within the 6clicks GRC platform.

More Information

Jurisdiction: Australia
Type: Laws or related obligations