1
Attachment A
Reference to the Protective Security Policy Framework (PSPF) from AGD
(http://www.protectivesecurity.gov.au/informationsecurity/Pages/default.aspx#classificationandcon
trol)
Mandatory requirement
INFOSEC 3: Agencies must implement policies and procedures for the security classification and
protective control of information assets (in electronic and paper‐based formats) which match their
value, importance and sensitivity.
Reference to DHS’ “Email Protective Markings”
(http://hsi.csda.gov.au/wps/portal/dhs_hspi/intranet/servicesfunctions/security/email‐protective‐
markings.htm#a1)
Email Protective Markings
Unofficial
This protective marking includes emails, including attachments, that are not related to any
government or agency business function, typically used for email of a private nature.
Unclassified
This protective marking includes emails, including attachments, that are related to a government or
agency business function, but does not contain information where disclosure would harm the
Government, individuals or other organisations.
The following Protective Markings are classified as Dissemination Limiting Markers (DLM).
These markings must be applied to emails where disclosure of the content of the email (including
attachments) may be limited or prohibited by legislation, or where it may otherwise require special
handling.
For Official Use Only
This DLM protective marking includes emails, including attachments, which may cause limited
damage to the government, commercial entities or members of the public, and/or which may fall
under the category of an ‘exempt document’ under the Freedom of Information (FOI) Act Part IV.
Sensitive
This DLM protective marking includes emails, including attachments, where the secrecy provisions of
legislation or other enactments may apply, and/or disclosure may be limited or prohibited under
legislation.
Sensitive: Legal
This DLM protective marking includes emails, including attachments, that may be subject to legal
professional privilege and/or attract legal privilege as defined in the Evidence ACT 1995 Section 3.10,
the equivalent jurisdictional legislation.
2
This does not include all legal information owned by the department.
Sensitive: Personal
This DLM protective marking includes emails, including attachments, defined by the Privacy Act 1998
(This aligns with the definition of sensitive information in Section 6 of the Privacy Act.) and includes
information, either fact or personal opinion about:
an individual’s sexual preference
an individual’s health status
an individual’s political beliefs.
Images of the dialogue box that will now appear are shown below.
Centrelink Desktop
Centrelink Web Access
3
Outlook desktop
Outlook Web Access for Common Desktop
Distribution of emails
It is important that emails are sent with the correct Protective Marking as this affects the way an
email is distributed.
Emails that are marked with a DLM are distributed through secure email systems as they must not
be transmitted, without protection, across the Internet under the guidance provided by the
Australian Government Protective Security Policy Framework as this fails to ensure an acceptable
level of security to the email content.
The Department of Human Services use two secure email systems to transmit DLM emails, Fedlink
and Pretty Good Privacy PGP.
Fedlink is a dynamic encryption mechanism that provides secure and trusted communications across
any medium, including the Internet for communication between most Australian Government
Departments and Agencies. This enables Departments and Agencies to transmit and receive
4
information securely, up to and including the classification of PROTECTED, across insecure links.
Most Commonwealth Departments and Agencies are connected to Fedlink, an email addressed to
one of these Departments or Agencies will automatically use this system. See the list of Fedlink
connected Departments and Agencies.
An outbound DLM email addressed to non‐Fedlink destinations will automatically use the PGP
secure email system. This system encrypts outbound emails prior to delivery. Recipients will receive
a message that explains how the email can be decrypted. The system also allows the recipients to
send a secure reply, which includes encryption of the message text and attachments.
Notes:
The department’s email system cannot be used to send PROTECTED or higher information.
Most Unclassified or Unofficial information is not Public Domain Information. Public Domain
Information is unclassified information that is authorised for unlimited public access and
circulation, (for example, agency publications or websites).
Further assistance
For more information or support email is 47E(d)
Content Details
Business Owner
ICT Core Infrastructure Division, Security Branch
Date published
5 September 2013
Clause 1
Australian Government
5
Clause 2
Department of Human Services
Instructions for prisons registering, receiving and sending
encryption email to the Department of Human Services
The Department of Human Services uses PGP secure email system to transmit emails using
a secured connection. The PGP secure email tool is located within the DHS gateway
environment.
Receiving Encryption Email from the Department
1. You wil receive an email from the department, which looks like this:
s 22
s 22
s 22
2. Select the link in the email. You wil be taken to the URL:
https://securemail.humanservices.gov.au and may be asked to accept a digital
certificate.
3. If you are not already registered for the system you wil be taken to this page.
6
4. In order to register, choose your own password and select the ‘Continue’ button.
Note: Fol ow the specific requirements required for creating your password.
5. Once you have done this, you wil be able to access your secure email box.
6. In the future, you wil access your secure email box by entering your email address
and password at this li
nk> https://keys.humanservices.gov.au
7
Sending Encryption Email to the Department
1. To send encryption email to the Department of Human Services, access your secure
email box by entering your email address and password at this this link>
https://keys.humanservices.gov.au
2. Once in the secure email box, go to ‘Compose’ to send a secure email to the
department. For instance,
To: enter email address
Add attachment: to add a file
Send: wil send the encryption email to the Department of Human Services recipient
Note:
8
Emails sent from your regular email account to the department are
handled independently of any prior relationship established on the PGP
Secure Mail server and therefore not transmitted using an “https” secured
connection. To send emails to the department over the secured
connection follow the steps above.
The email that contains the link to the PGP Secure Mail server, cannot be
directly replied to from your regular email account. If you try to reply to this
email from your regular email account you wil receive an email You wil
receive an email from the department, which looks like this:
9
User Guide for the PGP secure mail solution
10
Introduction
The Department of Human Services has deployed a new Secure Email service to replace
the Sigaba system.
This system was implemented on the 29th of June 2012 and provides a secure channel for
the transfer of information with an IN-CONFIDENCE or FOR OFFICIAL USE ONLY
classification.
11
Registering
If you have not used the service before you wil need to register. The steps below outline this
process.
1. You wil receive an email from the Department, which looks like the following:
2. When you select the link you wil be taken to a page which resembles the following
screenshot.
3. In order to register an account, choose your own password and select the ‘Continue’
button.
12
4. You wil now have access to your secure email box.
link to page 11
13
Accessing the Mailbox
In the future, you wil need to access their secure email box by entering their email
address and password which they choose at step 4 of the
Registering procedure.
1. You wil receive an email from the Department, which looks like the following:
2. When you select the link you wil be taken to the following page.
3. Enter your email address and password, then select ‘Login’.
4. You wil now have access to your secure email box.
link to page 13 link to page 13
14
Viewing an email
1. In order to view an email, you should log into the system using the
accessing the
mailbox procedure.
2. From here, you can select the subject of the email which you wish to read. This wil
open the email.
link to page 13 link to page 13 link to page 14
15
Composing an email
1. In order to send an email, you should log into the system using the
accessing the
mailbox procedure.
2. Select the ‘compose’ button on the left hand side of the screen. OR open an email
using the
Viewing an email procedure and select Reply. You wil be taken to the
following screen.
3. From this screen, you can enter a valid human services email address (if you did not
select reply), compose your message and add attachments.
4. When you have finished writing your message. Select ‘Send’.
link to page 15
16
Including an attachment in an email
1. From the compose screen (see
composing an email) select add attachment.
2. Select ‘browse’ and locate the file you would like to attach to your email.
3. Once you have located the file, select ‘attach’.
4. You can now select ‘OK’ and send the email.
17
Resetting your password
1. In order to reset your password select the ‘I lost my passphrase’ link.
2. You wil then be taken to the following screen where you can enter your email
address. Once this is done, select the ‘send’ button.
3. You wil then be sent an email which wil contain a link allowing you to reset the
password.
link to page 13
18
4. Selecting the link, wil take you to the following web page. Choose a new passphrase
and select ‘continue’.
5.
You wil now be able to access secure mail using the
‘Accessing the Mailbox’
procedure.
