Defence Security Principles Framework (DSPF)

Australia
v2024
6 domains
21 controls

The Defence Security Principles Framework sets out security principles and controls for the Australian Department of Defence and its industry partners. It is a principles-based framework supporting a progressive protective security culture. All Defence personnel, contractors, consultants and outsourced service providers must adhere to the DSPF.

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (6)

DSPF: Defence Industry and Research Security

2 controls

| Code | Title |
|---|---|
| DSPF-P16 | Defence Industry Security Program |
| DSPF-P31 | Defence research, innovation and collaboration security |

DSPF: Information Security

4 controls

| Code | Title |
|---|---|
| DSPF-P10 | Classification and protection of official information |
| DSPF-P13 | Communications security (COMSEC) |
| DSPF-P14 | Audio-visual security |
| DSPF-P15 | Foreign release of official information |

DSPF: Information and Technology (Cyber) Security

7 controls

| Code | Title |
|---|---|
| DSPF-P20 | Information and technology security - logging and monitoring |
| DSPF-P21-22 | Information and technology security - physical and personnel |
| DSPF-P23 | Cyber security assessment and authorisation |
| DSPF-P24 | Information and technology security - incident management |
| DSPF-P25 | Information and technology security - gateways and data transfer |
| DSPF-P26 | Information and technology security - portable devices and media |
| DSPF-P27-29 | Information and technology security - system planning, management and business impact |

DSPF: Personnel Security

6 controls

| Code | Title |
|---|---|
| DSPF-P40 | Personnel security clearance |
| DSPF-P41 | Temporary access to classified information and assets |
| DSPF-P42 | Identity security |
| DSPF-P44 | Overseas travel |
| DSPF-P45 | Contact reporting |
| DSPF-P46 | Counterintelligence |

DSPF: Physical Security

1 control

| Code | Title |
|---|---|
| DSPF-PHYS-PRIN | Physical security of facilities, zones and assets |

DSPF: Security Governance and Risk

1 control

| Code | Title |
|---|---|
| DSPF-GOV-PRIN | Security governance, risk management and culture |

Maps to 3 other frameworks

21 total controls

| Framework | Source controls mapped | Target controls covered | Coverage |
|---|---|---|---|
| Defence Industry Security Program (DISP) | 3 | 3 | 14% |
| ISO 27701:2019 | 2 | 2 | 10% |
| NIST Cybersecurity Framework 2.0 | 1 | 1 | 5% |

Frequently Asked Questions

What is the Defence Security Principles Framework (DSPF)?

Defence Security Principles Framework (DSPF) is a compliance framework from Australia with 6 domains and 21 controls. The Defence Security Principles Framework sets out security principles and controls for the Australian Department of Defence and its industry partners. It is a principles-based framework supporting a progressive protective security culture. All Defence personnel, contractors, consultants and outsourced service providers must adhere to the DSPF. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does the Defence Security Principles Framework (DSPF) have?

The Defence Security Principles Framework (DSPF) has 21 controls organised across 6 domains. The largest domains are DSPF: Information and Technology (Cyber) Security (7 controls), DSPF: Personnel Security (6 controls) and DSPF: Information Security (4 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does the Defence Security Principles Framework (DSPF) map to?

The Defence Security Principles Framework (DSPF) maps to 3 other compliance frameworks. The top mapping partners are Defence Industry Security Program (DISP) (14% coverage), ISO 27701:2019 (10% coverage) and NIST Cybersecurity Framework 2.0 (5% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with Defence Security Principles Framework (DSPF) compliance?

Start your Defence Security Principles Framework (DSPF) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Defence Security Principles Framework (DSPF) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 21 controls and track your progress.
