As the deadline for the 2018 Protective Security Policy Framework (PSPF) approached (1 October 2020), the Email Protective Marking Standard (EPMS 2018.3) was updated to incorporate a special handling caveat for National Cabinet. Most Australians will be aware that the 'National Cabinet' was instituted as one of the responses to the COVID-19 pandemic. This collaboration between Federal and State governments has given rise to the need for this special handling requirement. To quote the Commonwealth Attorney General's Department regarding the need for the revised EPMS 2018.4:
"This version aligns to changes to the Security Caveat Guidelines, approved by the National Intelligence Security Sub-Committee on 18 August 2020, to create a NATIONAL CABINET caveat for use with OFFICIAL: Sensitive and above."
The revision was announced 25 September, 2020. Agencies started to use this new marking from 1 December 2020 and the updated EPMS is due to be implemented by March 2021. Janusnet recommends that Departments and agencies that need to use the NATIONAL CABINET caveat start testing as soon as possible. For more information see the Changes in ther revised PSPF Policy 8: Infosec 08 Sensitive and security classified information v2018.4
For those agencies not affected by the NATIONAL CABINET caveat, their configurations should be updated to the most current version of the EPMS released 1 October, 2020. The EPMS 2018.3 changes affected the selection of IMMs and Caveats. The change was relatively minor and involves the formatter of the x-header of subject line when a sender selects Caveats and Markers at the same time. In the example below we see the order has changed with the Caveat (Cabinet) now appearing before the IMM (Personal Privacy).
(Also this update eliminated the small confusion between the EPMS 2018.1 standard and 2018.2 (the document version) as both the document and that standard have the same version number.)
The PSPF Policy 8, 18 November 2019 rewrite provides updates on the use and storage of sensitive and classified information particularly when outside the office. It relates to information accessed via mobile devices. A summary of the protections required for each protective marking is listed in new Annexes A-E.
For more information see the Changes in revised PSPF Policy 8: Sensitive and classified information pdf. For a summary of Section 8, visit the Sensitive and classified information page or click here for the complete PSPF Infosec 08 Sensitive and security classified information v2018.3 pdf.
Tools TO HELP
- Janusseal latest version: handles the NATIONAL CABINET caveat and can be obtained from the download page.
- EPMS2018.4 configuration files: available from the Australian Government page.
- EPMS Validation Service: test your EPMS configuration by sending a test message to EPMS@janusnet.com
The Janusnet EPMS Validation Service is simple to use. Just send an empty email for each marking type and you will receive a response indicating if the protective marking is compliant with the 2018 EPMS. More instructions and advice is here.