This policy describes the requirements for entities planning digital investments requiring network security consideration.
Applicability
Digital investment proposals are assessed against this policy by the DTA through the Digital and ICT investment oversight framework (IOF).
Commonwealth entities are encouraged to apply this policy to all digital investments.
Policy requirements
-
Comply with legislation
An entity must comply with any legislation relevant to its circumstances.
-
Align to guidelines and standards
All Commonwealth entities must comply with the Protective Security Policy Framework, as well as any other mandatory frameworks, policies, and standards.
-
Model your topology, and develop a strategic approach
A standardised understanding of network design and topology, and an overarching strategic approach, will inform network design, security solution development, and potentially assist with fault finding and remediation.
-
Select and implement appropriate network security controls
There is a wealth of security industry guidance that supports best practice development of repeatable network security architectures.
-
Recognise emerging network security trends
Network Security is constantly evolving. Emerging approaches should be considered for inclusion in any investment.
-
Adhere to reuse principles
Entities must give priority to the adoption of reuseable digital and ICT solutions, patterns, or knowledge, and, where necessary, design new solutions with a focus on future reuse.