AGRkMS and security classification of information

In 2018 the Australian Government's Protective Security Policy Framework was reviewed and changed to simplify the security classification of information. These changes included consolidating Dissemination Limiting Markers (DLMs) into a single marking of 'Official: Sensitive'. This DLM replaces:

  • For Official Use Only (FOUO)
  • Sensitive
  • Sensitive: Legal
  • Sensitive: Personal

The 'Sensitive: Cabinet' DLM has been replaced by a CABINET caveat.

These changes are being grandfathered (PDF 273KB) through to October 2020.

Under the review, a need to continue to further categorise the subject matter of sensitive information was identified. In response the Attorney-General's Department and the National Archives agreed to use terms from the Rights property of the National Archives' Australian Government Recordkeeping Metadata Standard (AGRkMS) for this purpose. These terms describe the content of the information rather than the degree of harm which could result from its unintended release. The use of these terms with official or security classified information is optional.

To support this work, the National Archives revised and extended the available terms from the Rights Type Scheme in the AGRkMS. Changes include the addition of four new terms:

  • Commercial
  • Cultural
  • Legal Privilege
  • Legislative secrecy

The former term 'Privacy' has been updated to 'Personal Privacy'.

As a result of the changes to the Protective Security Policy Framework, the National Archives will also be updating properties in its metadata standards, relevant to security classification. Further information will be published as it's available.

Information Management Markers

Three terms from the Rights property of the AGRKMS have been designated as information management markers. These are expected to be used most commonly by agencies, particularly for email correspondence. They largely replace the functionality of the Dissemination Limiting Markers removed from the Protective Security Policy Framework. The terms are:

  • Legal privilege
  • Legislative secrecy
  • Personal privacy

More information

Protective Security Policy Framework – details on security classifications for Australian Government information.

INFOSEC 8 Sensitive and classified information (PDF 1.53MB) clarifies how information management markers can be used to categorise information content. Demonstrates how to identify information, including email, with protective markings and optional information management markers. Relevant sections include C.2.3, C.3.1. and Annex B.

INFOSEC 9 Access to information (PDF 494KB ) Requirement 5 requires agencies to apply the Security Classification, Security Caveat and Dissemination Limiting Marker properties from the Australian Government Recordkeeping Metadata Standard (AGRkMS) when managing access to information systems holding sensitive or security classified information.

Under this requirement agencies may, optionally, add terms from the Rights property of the AGRKMS to categorise information content. This requirement is further explained in section C.5.1.