Meeting PSPF Compliance for secure collaboration of classified information
As Australian Government agencies seek ways of collaborating securely on sensitive and classified information, it is critical that they are able to set and enforce the terms and conditions under which they share classified information. Under the Protective Security Policy Framework (PSPF), agencies need to demonstrate that only authorised users access data that matches their identity, security clearance, nationality and need-to-know obligations.
Security and compliance are critical for the success of inter-agency sharing and collaboration. Meeting security controls such as those in the Information Security Manual (ISM) from the Australian Signals Directorate (ASD) is an important part of these compliance measures.
Most commercial collaboration solutions are not PSPF or ISM compliant ‘out-of-the-box’, so bespoke security and compliance elements must be ‘bolted on’ to meet government security needs. Bolt-on solutions can be cumbersome and expensive, and are rarely as effective as those designed from the ground up to meet these security controls.
Empowering information custodians to attach the rules for sharing to the data itself, by tagging it with specific purposes or handling conditions, makes creating and applying access policies simpler. Dynamic enforcement of policy enables the Australian Government to meet sovereign compliance requirements for the secure management of government information, and also assists in meeting other international compliance obligations such as the International Traffic in Arms Regulations (ITAR) and the EU’s new General Data Protection Regulation (GDPR).
Extending compliance to GDPR and other global regulations
GDPR is a strict set of standards rolled out in 2018 that extends the scope of EU data protection law to all foreign companies processing data of EU residents, imposing additional restrictions on how companies and agencies protect and manage the personal information of EU citizens. The regulation pushes the onus for appropriate data handling onto all public and private organisations that hold or process personal data.
With the Australian Government continuing to work with global third-party providers, agencies will also need to look carefully at how these third-party providers meet these requirements, as well as how to securely share information between the government and commercial sectors.
Ensure secure sharing and collaboration of sensitive and classified information
archTIS specialises in products that enable the secure sharing and collaboration of classified and sensitive information between internal and third parties. archTIS’ high-security collaboration platform, Kojensi, provides fine-grained access controls and metadata management so that security is built into the solution by design, from the ground up. Kojensi is able to scale across the full spectrum of security classification levels and ensure only suitably authorised personnel can gain access to classified information.
Kojensi is available ‘as-a-Service’ now for easy connection, and meets the ISM and PSPF requirements for sharing and collaborating on information of PROTECTED and below classifications. It provides accredited, simple, effective, and compartmentalised user access to classified content, with access decisions able to be updated and immediately enforced in real time across the information environment.