Queensland Government Enterprise Architecture ICT Policy and Coordination Office Department of Public Works


QGEA

Document details

Security classification: PUBLIC
Date of review of security classification: November 2010
Authority: Queensland Government Chief Information Officer
Author: ICT Policy and Coordination Office
Documentation status: Working draft / Consultation release / Final version

Contact for enquiries and proposed changes

All enquiries regarding this document should be directed in the first instance to:

Director, Policy Development ICT Policy and Coordination [email protected]

Acknowledgements

This version of the Queensland Government Information Security Controls Standard was developed and updated by the ICT Policy and Coordination Office.

Feedback was also received from a number of agencies, including members of the Information Security Reference Group, which was greatly appreciated.

Copyright

Queensland Government Information Security Controls Standard

Copyright © The State of Queensland (Department of Public Works) 2010

Licence

Queensland Government Information Security Controls Standard is licensed under a Creative Commons Attribution 2.5 Australia licence. To view a copy of this licence, visit http://creativecommons.org/licenses/by/2.5/au. It is based on work sourced from the Australian Government Protective Security Manual:2005, the Australian Government Information Technology Security Manual (ACSI 33):2006, the SSIO Better Practice Guide for Information Asset Classification and Control, and from material supplied by the Department of Justice and Attorney-General. Permissions may be available beyond the scope of this licence. See www.qgcio.qld.gov.au.

Information security

This document has been security classified using the Queensland Government Information Security Classification Framework (QGISCF) as PUBLIC and will be managed according to the requirements of the QGISCF.


Final v1.0.0, November 2010


Contents

1 Introduction
  1.1 Purpose
  1.2 Audience
  1.3 Scope

2 General controls
  2.1 Need-to-know
  2.2 Filing and markings
  2.3 Clear desk policy
  2.4 Reclassification of information
  2.5 Information shared with external parties
  2.6 Disposal of information assets that are public records
  2.7 Sanitising and Disposal of media

3 Non-general control details
  3.1 Transporting security classified information
  3.2 Discussing security classified information
  3.3 Copying security classified information
  3.4 Storage of security classified information and associated media
  3.5 Electronic authentication and access controls
  3.6 Audit logs
  3.7 Facsimile transmission
  3.8 Email transmission
  3.9 Radio Transmission

Appendix A Protective Security Manual standard file colours

Tables

  Table 1: Manual transmission requirements
  Table 2: Data transmission requirements
  Table 3: Description of security areas
  Table 4: Minimum security container requirements
  Table 5: Security container definitions
  Table 6: Secure room definitions
  Table 7: Levels of auditing required for classified information assets
  Table 8: Facsimile transmission measures
  Table 9: PSM standard file colours


1 Introduction

1.1 Purpose

This standard specifies the controls that must be applied to Queensland Government information assets. It complements the Queensland Government Information Security Classification Framework (QGISCF), and is also related to the Network Transmission Security Assurance Framework (NTSAF) which provides greater detail on the controls required to transmit security classified information assets.

1.2 Audience

This document is primarily intended for agency staff who:

  • handle information assets
  • develop information security policy and procedures.

1.3 Scope

The controls outlined in this document apply to information assets held by Queensland Government agencies. Where information assets have been classified using alternative classification schemes (such as the national security classification approach), the controls specified by those schemes take precedence and should be applied.

Where there is a mismatch between advice provided by various documents, the most stringent control should be applied.


2 General controls

As well as the specific controls contained in the QGISCF, the following controls need to be applied to all information assets, regardless of their security classification.

2.1 Need-to-know

The need-to-know principle requires that information assets held by an agency should only be available to those who need to use or access them to do their work. However, the need-to-know principle must not inhibit access to information assets under legislation such as the Right to Information Act 2009.

The dissemination of information assets must be no wider than is required for the efficient conduct of business and it is the personal responsibility of all those who use or access information assets, including unclassified assets, to apply the need-to-know principle to their duties. It is the responsibility of agencies to determine need-to-know designations for staff. Personal information is also subject to legislative constraints and any confidentiality provisions that apply to individual agencies.

Agencies typically implement a need-to-know approach to information asset access through a combination of access control on applications and the implementation of both individual and work-unit based security mechanisms for file servers.

2.2 Filing and markings

Security classified documents should be filed with appropriate ‘wrapper folders’ or file covers. The coloured folders identifying security classification levels should be used as wrappers on physical documents or files, and are not intended to replace existing storage folders, such as those used to track file movements.

Figure 1: Security classified files

Generic Queensland Government coloured and printed folders have been sourced by some agencies and are therefore available for purchase. Where agencies have other requirements that preclude the use of the standard colour file covers, agencies should ensure that an appropriate standard is adopted within the agency. File cover sheets should also be used for all physical files, and standard cover sheets have been developed in support of this framework.

The Australian Government Protective Security Policy Framework (PSPF) (which has superseded the Australian Government Protective Security Manual) recommends that the security classification should be in capital letters, in bold text, and of a minimum height of 5mm, preferably at the centre of the top and bottom of each page. Additionally where possible it is preferable for the markings to be in red (ARIAL, 20 point, bold and red is an appropriate format). Page numbering of the form ‘Page n of x’ is desirable for all classifications and mandatory for HIGHLY PROTECTED.

Markings for PUBLIC and UNCLASSIFIED documents should also be in capitals, bold and red, but may be in a smaller size font if required. Because of the possibility of confusion with information assets that have yet to be information security classified, acceptable markings for UNCLASSIFIED documents are:

  • UNCLASSIFIED
  • INTERNAL-USE-ONLY
  • or a combination UNCLASSIFIED–INTERNAL-USE-ONLY.

A domain can also be added if this is appropriate and would assist, such as ‘AGENCY-INTERNAL-USE-ONLY’ or ‘GOVERNMENT-INTERNAL-USE-ONLY’.

2.3 Clear desk policy

General agency controls should include a clear desk and clear screen policy for areas that handle security classified information.

A clear desk policy requires that classified information assets are secured when workstations are unattended and that unauthorised people are not able to access any electronic material, system or network to which the user had been connected. For long periods this would mean ‘logging off’ from computer systems, but for shorter periods a screen saver with password or some similar desktop locking mechanism may be adequate.

At close of business, a workplace lock-up procedure should require that personnel:

  • quit all systems and networks and, where possible, shut down workstations
  • ensure that there are no security classified information assets left unsecured
  • ensure there are no security classified information assets in waste-paper bins and that information assets are disposed of lawfully
  • ensure that electronic media storing security classified information assets are secured
  • clear whiteboards and other displays of any security classified information assets
  • secure vaults and containers holding security classified material
  • ensure windows and doors are locked
  • ensure that keys to containers holding security classified information assets are secure.

2.4 Reclassification of information

Employees should not change the classification of information assets unless this action is a formal part of the reclassification process approved by the information owner. Reclassification of information assets should be performed in accordance with the standard classification process outlined in this framework and other agency specific classification processes.

2.5 Information shared with external parties

Where agencies are required to handle security classified information assets from external agencies or business partners, the information asset must:

  • retain the security classification of the originating agency
  • be managed according to that agency’s information security classification scheme and policies or in line with a Memorandum of Understanding (MOU) or Service Level Agreement (SLA) established between the agencies. The originating agency is responsible for ensuring that its information assets will be properly protected
  • if a MOU or other agreement has not been made, the information asset must, as a minimum, be handled in accordance with this framework.

2.6 Disposal of information assets that are public records

Section 26 of the Public Records Act 2002 provides for the disposal of public records and applies to records created and maintained in any format, including records that are security classified and controlled. The Public Records Act 2002 defines disposal of a record as including:

  • destroying or damaging the record, or part of it, or
  • abandoning, transferring, donating, giving away or selling the record, or part of it.

Information Standard 31: Retention and Disposal of Public Records (IS31) requires that the disposal (including the destruction, sale or transfer) of records can only be performed with the written authorisation of the State Archivist. Public authorities must develop and implement formal disposal schedules authorised by the State Archivist and implement disposal processes, to ensure the legal, systematic, and consistent disposal of records no longer required for business, accountability or cultural purposes.

2.7 Sanitising and Disposal of media

The following media cannot be sanitised and should be destroyed if they contain or may have contained classified information assets [1]:

  • microfiche and microfilm
  • optical discs, including CDs and DVDs
  • printer ribbons
  • programmable read only memory (PROM) and read only memory (ROM).

Other media including various forms of erasable or alterable PROM (EPROM), laser printer and photocopier drums, and magnetic media such as hard disk drives may be sanitised for reuse by wiping or by using a suitable degaussing tool. Sanitisation of magnetic media by erasure should be performed using specifically designed security erasure software to effectively wipe the contents of electronic storage media.

Methods of destruction

Security classified material may be disposed of by:

  • pulping: transforming used paper into a moist, slightly cohering mass, from which new paper products will be made
  • burning: (in accordance with relevant environment protection restrictions)
  • pulverisation: using hammermills with rotating steel hammers to pulverise the material
  • disintegration: using blades to cut and gradually reduce the waste particle to a given size determined by a removable screen
  • shredding: using cross-cut shredders. Where the disposal method is shredding, classified material should be destroyed using a cross-cut shredder that reduces waste to a particle size of 2.3mm x 25mm or less (B Class Shredder).

[1] Unless the information asset is subject to recordkeeping requirements as outlined in section 2.6.


Garbage and recycling

Security classified information assets should not be recycled or discarded in the agency’s general garbage unless it has already undergone some form of appropriate destruction, such as shredding.

Any decision to dispose of security classified waste using an authorised disposal company should be determined in the context of sound risk management and with the authority of the information owner.

3 Non-general control details

3.1 Transporting security classified information

Table 1 describes the protocol for manual transmission of security classified information assets.

| Security classification | Within a single location | Between locations |
|---|---|---|
| UNCLASSIFIED | May be passed uncovered by hand. Passed by internal mail in a use-again envelope. | Passed by internal mail in a use-again envelope. Passed by external mail in an opaque envelope. |
| X-IN-CONFIDENCE | Single opaque envelope indicating classification. Uncovered by hand in discrete office environment. | Single opaque envelope that does not indicate classification. Receipting at discretion of information owner. Delivered by hand or authorised messenger including Australia Post. |
| PROTECTED | Single opaque envelope indicating classification. Uncovered by hand directly between authorised members of staff in discrete office environment. Should not be left unattended on recipient’s desk. | Double enveloping (ie. sealed inner envelope indicating classification placed within a single opaque outer envelope that does not indicate classification); or Single opaque envelope that does indicate classification and secured in a lockable container and delivered by an authorised messenger. Receipting required. |
| HIGHLY PROTECTED | Single opaque envelope indicating classification. Uncovered by hand directly between authorised members of staff in discrete office environment. Must not be left unattended on recipient’s desk. | Double enveloping (ie. sealed inner envelope indicating classification placed within a single opaque outer envelope that does not indicate classification); or Single opaque envelope that does indicate classification and secured in a lockable container and delivered by an authorised messenger. Receipting required. |

Table 1: Manual transmission requirements

Table 2 summarises the protocols for data transmission of security classified information assets. See the NTSAF for further guidance.

| Security classification | Data transmission requirements |
|---|---|
| UNCLASSIFIED | May use internal or external networks including the internet with controls as specified by the NTSAF. |
| X-IN-CONFIDENCE | May be passed over appropriately classified internal networks as defined in the NTSAF. Should be encrypted when being sent between agencies using controls as specified by the NTSAF. |
| PROTECTED | May be passed over appropriately classified internal networks as defined in the NTSAF. Should be encrypted when being sent between agencies using controls as specified by the NTSAF. |
| HIGHLY PROTECTED | May be passed over appropriately classified internal networks as defined in the NTSAF. Must be encrypted when being sent between agencies using cryptographic protocols 2 as specified by the NTSAF. |

Table 2: Data transmission requirements

3.2 Discussing security classified information

All discussions of HIGHLY PROTECTED or PROTECTED information assets should occur behind closed doors in fully enclosed rooms. If discussions of X-IN-CONFIDENCE information assets are held, care should be taken to ensure that people without a need to know are not able to overhear the discussions.

When it is necessary to discuss security classified information assets in meetings (including in-person meetings, presentations, teleconferences, and video conferences), convenors should take appropriate steps to ensure that the audience is restricted to those with a need-to-know and that the risk of compromise of these assets is minimised by ensuring seating arrangements preclude the possibility of the information assets being viewed without proper authority.

Where meetings are held, the security classification of the information asset should be notified to the audience and the audience reminded of their responsibility to maintain confidentiality.

Visual aids such as slides and overhead transparencies should include the appropriate security classification markings and should be removed at the conclusion of the meeting, including deleting the presentation from corporate resources such as laptops. This includes deleting documents from the Recent Documents list, deleting any HTML pages from the browser history and emptying the Recycle bin.

Any security classified information assets placed on whiteboards should be erased with a suitable cleaner prior to the room being vacated.

3.2.1 Telephone and video conference

An agency’s private video conference, telephone or intercom systems using wireline or fibre optic transmission paths only (that is, no microwaves or similar radio frequency links) may be used to pass voice or facsimile information classified X-IN-CONFIDENCE without further precautions. For PROTECTED and HIGHLY PROTECTED information assets, additional encryption, or the use of approved secure communications systems, is required.

Mobile telephones should not be used for data or voice transmission of PROTECTED or HIGHLY PROTECTED security classified information assets unless both handsets are provided with encryption appropriate to the asset’s classification. See the NTSAF for details.

3.2.2 Records of discussion and/or presentation

Agencies will exercise discretion in regard to this aspect of information security. Where an agency decides it is applicable, a record should be taken of all discussions and presentations of HIGHLY PROTECTED and PROTECTED information assets. The record should detail the:

  • nature of the material presented
  • date
  • audience present
  • decisions made
  • actions to be taken.

All records taken during the presentation or discussion of security classified information assets should assume the same security classification.

3.3 Copying security classified information

Classified information assets should only be reproduced (copied or re-printed) when it is strictly necessary to do so. Spare or spoilt copies of security classified information assets should be destroyed immediately in accord with the appropriate disposal requirements (including recordkeeping disposal schedules).

When making copies of information assets that have a copy number (especially PROTECTED and HIGHLY PROTECTED material), the permission of the information owner must be obtained. When seeking permission to make copies, the proposed additional distribution should be provided and the owner should indicate the appropriate copy numbers.

Copiers and printers should not be left unattended if classified information assets are being reproduced unless there are suitable physical access controls to prevent unauthorised persons (including those without a need-to-know) from both entering the area around the copier or printer, and viewing the material being printed.

3.4 Storage of security classified information and associated media

Physical security protection (in line with the security classification level of the asset) must be in place for all government offices, rooms, storage facilities and cabling infrastructure. Building and entry controls must be in place for areas that process or store security classified information assets.

The following section applies equally to the storage of physical (eg. paper) and electronic information assets. Electronic storage media [2] (discs, CD Towers) containing classified information assets must be afforded the full protection given to equivalent classified hard copy information assets. Due to the risk of accidental loss and lack of movement control and audit trails, classified information assets stored on stand-alone or portable computers, hard drives, flash memory drives, and other storage devices must be treated with the same controls applicable to removable media including the use of encryption and storage where applicable in secure containers.

Where possible, this type of media must be clearly labelled in accordance with the security classification level of the data stored on the media. If encryption systems do not encrypt the entire media content, care must be taken to ensure that either all of the classified data is encrypted appropriately or that the media is handled in accordance with the highest classification of the unencrypted data.

Electronic storage media includes fixed or removable storage and can be either: volatile storage, which loses its information when power is removed, or non-volatile, which retains its information when power is removed.

Volatile media used to process classified material may be treated as UNCLASSIFIED once the power has been removed. As noted previously, any non-volatile media containing classified material should be labelled appropriately. In the case of internally mounted hard-drives, the computer case should be labelled.

Suitable storage for classified material and electronic media should be determined by a risk assessment. The type of secure storage device or area required is dependent upon a number of factors including:

  • the classification of the information asset
  • the type of access facility where the information is located
  • the value and attractiveness of the information asset stored
  • the structure and location of the building
  • entry control systems
  • other physical protection systems (for example, locks and alarms).

[2] In the context of this framework, media is the component of computer hardware that is used to store information.


3.4.1 Secure areas

Secure, Partially Secure or Intruder Resistant Areas are areas that have measures in place for the secure handling and storage of security classified information assets. They may be a single room, a building, or a complex consisting of a number of buildings.

The descriptions about what constitutes a Secure, Partially Secure, and Intruder Resistant Area are provided below and are summarised in Table 3. These descriptions have been adapted from the Protective Security Manual to assist the organisation when selecting appropriate handling and storage measures, including suitable containers.

Secure Area

A Secure Area is one that provides the highest integrity of access to, and audit of, security classified information assets to ensure restricted distribution and to assist in subsequent investigation if there is unauthorised disclosure or loss of information assets. The essential physical security features of a Secure Area include:

  • appropriately secured points of entry and other openings
  • tamper-evident barriers, highly resistant to covert entry
  • an effective means of providing access control during both operational and non-operational hours
  • all persons to wear passes
  • all visitors escorted at all times
  • during non-operational hours a monitored security alarm system, providing coverage for all areas where security classified information assets are stored
  • an approved means of limiting entry to authorised persons.

Partially Secure Area

A Partially Secure Area is one that provides a degree of audit by both physical or electronic and personnel means. The essential physical security features of a Partially Secure Area include:

  • appropriately secured points of entry and other openings
  • tamper-evident barriers, highly resistant to covert entry
  • an effective means of providing access control during both operational and non-operational hours
  • all persons to wear passes
  • all visitors escorted at all times
  • during non-operational hours a monitored security alarm system, providing coverage for all areas where security classified information assets are stored
  • an approved means of limiting entry to authorised persons.

Intruder Resistant Area

An intruder resistant area is a facility or room that meets the following essential physical security requirements (drawn from section 7.54 of the PSPF):

  • tamper-evident barriers, resistant to covert entry, and
  • an effective means of limiting entry to authorised people only during both operational and non-operational hours.


| Control Measure | Secure Areas | Partially Secure Areas | Intruder Resistant Area |
|---|---|---|---|
| Tamper-evident barriers, highly resistant to covert entry [3] | Yes | Yes | Yes |
| An effective means of providing access control during both operational and non-operational hours | Yes | Yes | Yes |
| All persons to wear passes | Yes | Yes | Yes |
| All visitors escorted at all times | Yes | Yes | Yes |
| Appropriately secured points of entry and other openings | Yes | Yes | No |
| During non-operational hours a monitored security alarm system, providing coverage for all areas where security classified information assets are stored | Yes | Yes | No |
| An approved means of limiting entry to authorised persons | Yes | No | No |

Table 3: Description of security areas

The standard and combination of the measures should be in keeping with the highest level of security classified information assets protected in the area. The measures must ensure that the less effort and time required to gain access to the information asset, the quicker the detection of and response to the security incident must be. Conversely, the better the physical security barriers protecting the information asset, the more time can be allowed for detection of and response to the security incident.

3.4.2 Security containers

Depending on the outcomes of the risk assessment and taking into account the various factors mentioned above, secure storage may range from (but is not limited to) lockable drawers, secure filing containers or compactus, to secure rooms. The recommended minimum standard of security container or room for security classified information assets depends on the type of area they are situated in, as shown in Table 4 [4] (page 11).

3 Such barriers provide containment in all directions. They have enough resistance to covert entry to provide some assurance that a person attempting to gain unauthorised entry and exit without being apprehended would have to damage or modify the barriers so that it was obvious that a security incident had occurred.

4 The Australian Government specifies appropriate containers in its Security Equipment Catalogue (SEC) which is managed by the Australian Security Intelligence Organisation (ASIO).


Facility physical security classification:

| | Secure Area | Partially Secure Area | Intruder Resistant Area |
|---|---|---|---|
| HIGHLY PROTECTED | Class C cabinet or room | Class B cabinet or room | Class A cabinet or room |
| PROTECTED | Class C cabinet or room [5] | Class C cabinet or room | Class B cabinet or room |
| IN-CONFIDENCE | Agency discretion | Lockable commercial cabinet | Lockable commercial cabinet |

Table 4: Minimum security container requirements

Table 5 and Table 6 provide descriptions of secure containers and rooms.

Class A security container: A steel-lined concrete-strengthened container secured with an endorsed combination lock manufactured to ASIO-approved specifications; for further information, refer to the Security Equipment Catalogue.

Class B security container: A security container manufactured to ASIO-approved specifications; for further information, refer to the Security Equipment Catalogue.

Class C security container: A security container manufactured to ASIO-approved specifications; for further information, refer to the Security Equipment Catalogue.

Table 5: Security container definitions

Class A secure room: A room constructed and secured in accordance with ASIO specifications – note that doors are fitted with two endorsed combination locks; for further information, refer to the Security Equipment Catalogue.

Class B secure room: A room constructed and secured in accordance with ASIO specifications – note that doors are fitted with one endorsed combination lock; for further information, refer to the Security Equipment Catalogue.

Class C secure room: A room constructed and secured in accordance with ASIO specifications and locked using one lock endorsed for the protection of national security classification information; for further information, refer to the Security Equipment Catalogue.

Table 6: Secure room definitions

5 A lockable container with a Security Construction & Equipment Committee (SCEC) endorsed lock is also acceptable.


3.5 Electronic authentication and access controls

In addition to physical access controls, agencies must have a means of controlling access to their computer systems or networks. All computer-resident classified information assets should have authentication and access controls to ensure that only authorised users can access the information asset and it is not improperly disclosed, modified, deleted, or rendered unavailable. In addition, the computer and communications system privileges of all users, systems and programs should be restricted on a need-to-know basis. Authentication controls must be based on those documented within the Queensland Government Authentication Framework, which provides additional detail concerning appropriate authentication controls and mechanisms.

Where practical, computer and communications equipment should be located in secure areas with access control mechanisms in place to restrict use to authorised personnel only. Where physical controls are not possible, other control methods must be in place.

When implementing controls to restrict logical access to certain resources, agencies should:
- limit user access on the basis of need-to-know
- provide users with the minimum of privileges required for their job
- require requests for access to a system be authorised by the information owner or other approval authority.

To ensure that access and back-up of electronic information assets remain tightly controlled and monitored, classified information assets in electronic form are best stored and managed through an electronic document and records management system (eDRMS) or other system with appropriate equivalent functionality.

At a minimum, information assets kept on network file-servers must be kept in locked files designated for defined user groups and individual users.

3.6 Audit logs

To maintain confidentiality and integrity of classified information assets a strict audit logging process is to be implemented, with traceability provided from the security classified information register. This audit log must be carefully designed to ensure it is capable of providing a ‘trail of evidence’ which can be used to investigate inappropriate or illegal access.

Care must be taken that the audit log captures all information which is useful in constructing this trail of evidence. Audit log access controls must be in place with explicit user authentication (also logged) needed to view the audit log database. The levels of auditing required for security-classified information assets are shown in Table 7 (page 13).

It is best practice for administrators to not have read, write, modify or delete access to audit logs. Restricting access to auditors or other independent roles reduces the risk of unauthorised access, modification and loss on the part of the administrator and also protects the administrator.


Audit Log Controls

| Information Security Classification | General User / Files | Administrator |
|---|---|---|
| HIGHLY PROTECTED | Log In/Out, Failed Attempts, Read, Write, Modify & Delete | Log In/Out, File Access. Administrators are not to have Read, Write, Modify or Delete access to audit logs |
| PROTECTED | Log In/Out, Failed Attempts, Read, Write & Delete | Log In/Out, File Access. Administrators are not to have Read, Write, Modify or Delete access to audit logs |
| IN-CONFIDENCE | Log In/Out, Failed Attempts & Delete | Log In/Out, File Access. Administrators are not to have Read, Write, Modify or Delete access to audit logs |
| Unclassified | Log In/Out, Failed Attempts | Log In/Out, File Access. Administrators are not to have Read, Write, Modify or Delete access to audit logs |

Table 7: Levels of auditing required for classified information assets

3.7 Facsimile transmission

All staff must be aware of the ‘need to know’ guidelines in this document for the transmission of information security assets using a facsimile. When transmitting any security classified material it is a requirement that someone attend the receiving facsimile to receive the material, and that receipt or non-receipt of the document is advised. For PROTECTED and HIGHLY PROTECTED there is an additional requirement that the link is encrypted. These controls are detailed in Table 8.

Table 8: Facsimile transmission measures

| Measure | UNCLASSIFIED | IN-CONFIDENCE | PROTECTED | HIGHLY PROTECTED |
|---|---|---|---|---|
| Requires encrypted link | No | No | Yes | Yes |
| May be faxed internally and externally if the recipient is standing by the receiving fax machine and there is no opportunity for any unauthorised person to view the document. | Not Applicable | Yes | Yes | Yes |
| Receiving officer is to acknowledge receipt or non-receipt of the document within 10 minutes of its transmission | No | Yes | Yes | Yes |


3.8 Email transmission

Internal networks can be used to transmit in-confidence or higher classified data (although email should be a last resort for HIGHLY PROTECTED assets). When internal networks are used to transmit classified information assets, care must be taken to ensure that all mail servers involved in the transaction are appropriately secured to the required security classification.

If IN-CONFIDENCE or higher assets are passed between agencies they must be encrypted to an appropriate level (see the NTSAF for guidance).

Agencies should avoid sending information assets over email if the information has been classified as HIGHLY PROTECTED (although email may need to be used as a last resort).

When sending emails, agencies should also consider stating the classification level in the ‘Subject’ line, e.g. [SEC=PROTECTED]. Including classification levels within emails allows easy recognition and handling at the email server gateway, assists application of security controls and enables appropriate recordkeeping activity. If agencies do decide to state the classification level within emails, policies and procedures should include:
- When are classification levels applied? (e.g. original messages, replies, forwards)
- How can staff classify emails?
- What is the format and location of classification markings?
- What level of classification can be transmitted on the agency’s internal network?
- What is the level of classification that can be transmitted to external addresses?

Agencies should assess the risks associated with the accidental or unauthorised release of security classified information assets prior to transmitting them via email.

For further information on email classification, agencies can refer to the Australian Government’s Implementation Guide for Email Protective Markings for Australian Government Agencies.
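As an added illustration (not part of this standard or of any Queensland Government system), the following Python example shows how an email gateway could recognise the Subject-line marking described above and apply the two transmission rules of this section. The function names, the "hold" action for mail without a usable marking, treating any recipient domain other than the agency's own as a transfer between agencies, and the example domains are all assumptions.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

# Levels used in this standard, lowest first; rank = list index.
LEVELS = ["UNCLASSIFIED", "IN-CONFIDENCE", "PROTECTED", "HIGHLY PROTECTED"]
MARKING = re.compile(r"\[SEC=([^\]]*)\]", re.IGNORECASE)

def _key(text):
    # Compare without case, spaces or hyphens: "highly-protected" == "HIGHLY PROTECTED".
    return re.sub(r"[\s-]+", "", text).upper()

RANK = {_key(name): i for i, name in enumerate(LEVELS)}

def parse_marking(subject):
    """Return the rank of the single marking in a Subject line, else None."""
    ranks = {RANK.get(_key(m)) for m in MARKING.findall(subject or "")}
    # No marking, an unknown level, or conflicting markings are all unusable.
    if len(ranks) != 1 or None in ranks:
        return None
    return ranks.pop()

def gateway_decision(msg, agency_domain, encrypted):
    """Return (action, reason) for one outbound message under section 3.8."""
    rank = parse_marking(msg["Subject"])
    if rank is None:
        # Assumption: this gateway holds such mail; the standard leaves it to agency policy.
        return ("hold", "no single recognised [SEC=...] marking")
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    domains = {addr.rpartition("@")[2].lower() for _, addr in getaddresses(fields)}
    external = bool(domains - {agency_domain.lower()})
    if external and rank >= RANK[_key("IN-CONFIDENCE")] and not encrypted:
        return ("reject", "IN-CONFIDENCE or higher leaving the agency must be encrypted")
    if rank == RANK[_key("HIGHLY PROTECTED")]:
        return ("review", "email is a last resort for HIGHLY PROTECTED assets")
    return ("allow", LEVELS[rank])

def make_message(subject, to):
    # Constructed sample message; addresses use reserved example domains.
    msg = EmailMessage()
    msg["Subject"], msg["To"] = subject, to
    return msg
```

A reply chain that carries two different markings in its Subject is held rather than guessed at, which is the case the "replies, forwards" policy question above has to settle.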

3.9 Radio Transmission

Guidance on transmitting security classified information assets via radio is being explored. Until further details are provided, agencies should ensure that assets are transmitted via this channel only where other options are unavailable, and where the risks of disclosure have been assessed and accepted. In particular, the radio transmission of PROTECTED and HIGHLY PROTECTED information assets should only be used as a last resort.


Appendix A Protective Security Manual standard file colours

The PSPF specifies standard file colours as indicated in the QGISCF. The recommended stripe colour is Pantone Process Yellow-2U. The stripe should run diagonally across the front and on the spine.

Table 9: PSM standard file colours

| Security Classification | File Colour |
|---|---|
| TOP SECRET | post office red |
| SECRET | salmon pink |
| CONFIDENTIAL | Green |
| RESTRICTED | blue or buff |
| HIGHLY PROTECTED | salmon pink plus stripe |
| PROTECTED | green plus stripe |
| X-IN-CONFIDENCE | blue or buff plus stripe |


Version history

| Version | Date | Author | Description |
|---|---|---|---|
| 0.0.1 | Jan 2010 | QGCIO | Initial draft based on QGISCF 1.1.1 |
| 0.0.2 | Feb 2010 | QGCIO | Revisions after internal feedback |
| 0.1.0 | February 2010 | QGCIO | Whole-of-Government consultation |
| 0.1.1, 0.1.2 | April-September 2010 | ICT Policy and Coordination Office | Revisions following whole-of-Government consultation |
| 0.1.3 | September 2010 | Policy Governance, ICT Policy and Coordination Office | Update to new QGEA template |
| 1.0.0 | November 2010 | ODG, DPW | Approved |
