Classify information
Information is classified to protect its integrity, availability and confidentiality. To manage the information risk, consider the nature and value of the information, the technical landscape and the threat environment.
All government-held information should have a protective marking or classification to ensure it is treated appropriately. The Government Security Classification System sets out what level of classification should be applied to official information depending on the level of risk if the information was released or compromised.
Classification markings should be applied in default document templates, email signatures or extensions to email clients.
Clear classification marking of information allows for easy filtering techniques such as outbound filtering and inspection by mail servers to lessen the risk of inadvertent information leakage via email.
What you need to know about publishing information on the web
- Information published by agencies in the public web domain is unclassified or has been released under the Official Information Act.
- Web publishers, site owners and managers need confidence in their agencies’ processes to ensure that classified information is not inadvertently published online.
- If you’re unsure about what classification to use for your information or have other concerns talk to your IT Security Manager (ITSM) or CISO. They’re responsible for ensuring that agency business and security practices are aligned with government security requirements.
Classification levels
This section describes the classification levels, type of information they apply to, and whether they have transmission and access restrictions.
Notes
- GCSB-encrypted means that information is encrypted using a system approved by the GCSB if information is transmitted or systems are communicating across public networks within New Zealand or across any networks overseas.
- An endorsement may also be applied in addition to any security classification. Endorsements are used to indicate the specific nature of the information or where there are temporary sensitivities, etc. Common endorsements include EMBARGOED FOR RELEASE, LEGAL PRIVILEGE, and BUDGET.
Before publishing information
- If information is still marked with a classification, follow up with the author/appropriate manager to check whether it is suitable for release.
- If it’s being released under the Official Information Act, this should be clearly marked on each page of the document (‘Released under the Official Information Act’ watermark).
- Check whether an endorsement applies, for example whether the content has been embargoed to a particular date/time.
Resources
NZ Government Security Classification System (external link)[L1]
NZ Information Security Manual (NZISM) (external link)[L2]
Designing for security and privacy
Links
- https://protectivesecurity.govt.nz/information-security/classification-system-and-handling-requirements/classification-system/
- https://www.nzism.gcsb.govt.nz/ism-document
Utility links and page information
Last updated