Robbie Cronin
ASD Cyber Security Partner, AISA Member

PSPF compliance for government suppliers.
From $6K.

The Protective Security Policy Framework is mandatory for Commonwealth entities and extends to their suppliers. If you handle government data or bid on government contracts, you need to demonstrate PSPF alignment. Full gap analysis in 1-2 weeks.

Guarantee: Under 3 critical gaps found? You don't pay.

Sound familiar?

Government contracts require it

Commonwealth procurement increasingly requires suppliers to demonstrate PSPF alignment. Without it, you're excluded from the tender process before it starts.

PSPF embeds Essential Eight

The 2025 PSPF release embedded Essential Eight and Zero Trust principles. If you're a government supplier, E8 Maturity Level 2 isn't optional. It's baked into the framework.

Annual reporting is mandatory

Commonwealth entities must report annually on their PSPF maturity. Your contract requires you to support that reporting. You need to know your posture.

Not sure where your gaps are?

Free 3-minute scorecard. Covers controls mapped to PSPF and Essential Eight.

// what you get

PSPF Compliance Assessment

Governance, information, personnel, and physical security reviewed together. One engagement, one report, one person accountable. Written so your leadership team can actually read it.

PSPF governance security assessment
Essential Eight ML2 gap analysis
Information security posture review
Personnel security baseline check
Physical security assessment
Board-ready compliance report with remediation roadmap

Included if relevant to your business:

ISO 27001:2022 gap analysis
Cyber insurance readiness review
DISP alignment check (defence suppliers)

Typical Big 4 engagement

$30,000+

Your price

$6K-$8K

Delivered in 1-2 weeks. Not 6-8.

Under 3 critical gaps found? You don't pay.

Zero risk. I've never had to honour this.

// how it works

Three steps. No surprises.

01

Free scorecard

2 minutes. See where your organisation stands against PSPF and Essential Eight requirements. No email needed.

02

Deep assessment

1-2 weeks, fixed price. I review your governance, information security, personnel security, and physical security controls against PSPF.

03

Board-ready report

Compliance report with prioritised remediation roadmap. Written for your leadership team, not just your IT department.

// who this is for

If you work with government, this is for you.

Government suppliers

You provide services, technology, or consulting to Commonwealth government entities. Your contract requires PSPF alignment.

IT service providers to government

You host, manage, or process government data. PSPF compliance is a condition of your service agreement.

Companies bidding on government tenders

The tender requirements mention PSPF, Essential Eight, or security maturity. You need to demonstrate compliance to be considered.

Existing suppliers facing review

Your government client is tightening security requirements and you need to demonstrate your current posture.

// why me and not a consultancy

One engineer. Not a sales team.

I'm a senior software engineer with 10+ years in platform infrastructure. CNCF maintainer. ASD Cyber Security Partner. I do the assessment myself. No juniors, no handoffs, no 200-page report written by a graduate who's never seen production code.

You talk to me, I do the work, I write the report. That's why it costs $6K instead of $30K.

Ex-Big Tech, CNCF Maintainer, ASD Partner, Melbourne

// questions

Common questions

What is PSPF?

The Protective Security Policy Framework is the Australian Government's security framework. It covers governance, information, personnel, and physical security. It's mandatory for all non-corporate Commonwealth entities.

Does PSPF apply to suppliers?

Yes. Commonwealth entities are required to manage security risks in their supply chain. If you handle government data or provide services to government, you need to demonstrate PSPF alignment.

What's the connection to Essential Eight?

The 2025 PSPF release embedded Essential Eight as the baseline cyber security standard. PSPF compliance effectively requires E8 Maturity Level 2.

How is this different from a Big 4 engagement?

Three ways. First, I do the work myself. No juniors, no handoffs. You get a senior engineer with 10+ years' experience, not a team where the partner shows up for the pitch and a graduate does the assessment. Second, it costs $6-8K instead of $30K+. Third, it takes 1-2 weeks instead of 6-8. Same rigour, less overhead.

Can you help with implementation?

Yes. The assessment identifies gaps and prioritises them. If you need help closing those gaps, I can scope a remediation engagement separately. Most organisations start with the assessment and then decide what they want to tackle themselves vs what they need help with.

Don't wait for your next contract review.

Start with the free scorecard. Or book a scoping call and I'll walk through what PSPF compliance means for your organisation.

Taking on 2-3 PSPF assessments per month. First in, first served.