GCSB updates NZ Information Security Manual

New Zealand’s Government Communications Security Bureau (GCSB) has updated the New Zealand Information Security Manual to ensure it remains fit for purpose and takes into account new security developments.

The updates include one policy change related to the section on key management operating practices, which has involved the deletion of one security control covering developing key management plans, the addition of another control and the modification of a third.

Meanwhile, editorial changes have been made to the section covering the applicability, authority and compliance of the Government Chief Information Security Officer, outlining the roles of the position under its new system lead management.

Finally, the section covering information security services within government has been amended to provide updated information on the GCSB and its mission. As part of this change, a control has been modified to stipulate that security personnel must familiarise themselves with the information security roles and services provided by New Zealand Government organisations.

According to the GCSB, the changes were driven by threats and risks identified through enquiries from agencies, the agency’s own research, information security policy gaps highlighted by changes in the way government agencies work, and changes to the international security frameworks and standards that the manual has been based on.

A planned addition of new content governing use of the Bluetooth protocol has been kept out because it still requires further work and consultation, the GCSB added. The new section will be published later this year.

Image credit: iStock.com/Parradee Kietsirikul