ContactInsightsRecognitionFAQs
1300 453 285 Get Started
ContactInsightsRecognitionFAQs
1300 453 285 Get Started

PSPF Direction 003-2025: Online Disclosure of Security Clearances

Australia’s PSPF Direction 003-2025 clamps down on advertising security clearances online, with Defence Industry and DISP entities expected to tighten policies, training and spot checks.

PSPF Direction 003-2025 – Online Disclosure of Security Clearances 

On 7 October 2025, the Secretary of the Department of Home Affairs issued PSPF Direction 003-2025 – Online Disclosure of Security Clearance and National Security Information. While this Direction is legally binding on non-corporate Commonwealth entities, it has very real implications for anyone who holds an Australian Government security clearance – including contractors and Defence Industry personnel working under the Defence Industry Security Program (DISP). 

This article explains what the Direction requires, why it matters, and what it means in practical terms for clearance holders and DISP entities, with a particular focus on the responsibilities of Security Officers.

PSPF Directions – The Context 

The Protective Security Policy Framework (PSPF) applies to non-corporate Commonwealth entities subject to the Public Governance, Performance and Accountability Act 2013. The PSPF provides that, having considered advice from key technical authority entities, the Secretary of the Department of Home Affairs may issue a Direction to accountable authorities to manage a specific protective security risk to the Australian Government. 

When a Direction is issued, the Accountable Authority of each affected entity must adhere to it. PSPF Direction 003-2025 focuses on the risks arising from personnel publicly identifying themselves as security clearance holders, or alluding to their access to security classified information, on online platforms such as LinkedIn and social media. 

What PSPF Direction 003-2025 Requires 

PSPF Direction 003-2025 requires Australian Government entities to manage the risks arising from personnel disclosing information online that:

  • Identifies or alludes to their access to security classified material, including the fact that they hold a security clearance, or
  • Reveals or suggests security clearance information in a way that could make them or their entity more vulnerable to targeting.

This must be done by expanding established personnel security risk management and monitoring activities, and by introducing a specific policy that prohibits publication of security clearance information online. 

Key Definitions in the Direction 

The Direction defines several important terms:

  • Personnel – any employee, contractor, secondee, service provider engaged by an entity, and any person given access to Australian Government resources as part of sharing initiatives.
  • Online platforms – all publicly accessible online websites, including social media platforms and employment-focused platforms such as LinkedIn. It excludes official public transparency and accountability mechanisms such as Hansard.
  • Security clearance information – any information confirming or suggesting a person’s security clearance level, security vetting agency, or any other information that could identify them as holding a security clearance.
  • Designated high-risk position – positions where personnel are identifiable as having access to, or transferable knowledge of, highly secure facilities, platforms and personnel (for example, Defence-related programs or industries, intelligence functions, or undeclared locations).

Why This Direction Has Been Issued 

Following threat and risk analysis, the Secretary has determined that there is a pressing need to manage security risks arising from online disclosure of clearance and national security information due to increased threats of foreign interference, espionage and sabotage. 

Security clearances afford personnel privileged access to Australian Government security classified information and resources. When a person publicly discloses that they hold a clearance, or alludes to their access to classified material, they:

  • Draw attention to themselves as potentially high-value targets,
  • Make their employing entity more visible to hostile actors, and
  • Increase the likelihood of online, cyber, social engineering and real-world approaches aimed at cultivation and exploitation.

The Direction also explicitly notes the importance of a public policy statement to demonstrate best practice for non-government holders of security clearances. In other words, this is a signal to industry and contractors – not just government departments. 

Immediate Actions by Technical Authorities 

The Direction outlines several immediate actions that technical authority entities will take:

  • The Department of Home Affairs will extend relevant requirements to key private sector providers through the Hosting Certification Framework.
  • Home Affairs will work with social media providers to access publicly available data and identify non-compliance.
  • The Australian Security Intelligence Organisation (ASIO) will introduce additional requirements for TOP SECRET – Privileged Access clearance holders.
  • The Australian Government Security Vetting Agency (AGSVA) will introduce additional requirements for other security clearance holders.

This clearly indicates that both public sector entities and key private sector partners will be expected to align with the new standard.

Mandatory Requirements by 1 December 2025 

By 1 December 2025, all non-corporate Commonwealth entities must implement the following:

1. A specific policy on publication of security clearance information

  • Applies to all security clearance levels.
  • Prohibits the publication of security clearance level.
  • Clearly defines limitations on employment-related information that can be publicised.
  • Prioritises personnel occupying designated high-risk positions.
  • Is integrated into the entity’s annual Security Checks, including requiring personnel to confirm compliance.
  • Includes regular auditing to ensure compliance.

2. Specific training on foreign interference and espionage

  • Includes training on foreign interference, espionage, cultivation and exploitation by foreign powers.
  • Provides targeted awareness training for personnel in designated high-risk positions.
  • Encourages proactive and comprehensive contact reporting and explains how to report within the entity.

3. Reporting of implementation

Entities must report completion of these requirements to the Commonwealth Security Policy Branch at Home Affairs ([email protected]). During the 2025-26 annual PSPF reporting period, they must also provide a summary of:

  • Reported disclosures of information that identifies or alludes to personnel access to security classified material (including stating that they hold a security clearance) on online platforms, and
  • Mitigations implemented in response.

This information must be provided to both the Department of Home Affairs and the relevant Authorised Vetting Agency.

What Does This Mean to Me as a Clearance Holder? 

Even if you work in Defence Industry or as a contractor rather than directly for a government department, this Direction represents the new standard of behaviour expected from clearance holders.

Stop advertising your clearance

Clearance holders should assume that publicly advertising their clearance is now inconsistent with best practice, and in many cases will be explicitly prohibited by policy. This includes:

  • Stating that you hold a security clearance (e.g. “NV1-cleared”, “AGSVA-cleared”, “security-cleared to Secret”).
  • Listing your exact clearance level on LinkedIn or other profiles.
  • Referencing your vetting agency in public profiles.
  • Writing job descriptions that clearly allude to access to classified environments, facilities or programs.

Instead, focus on describing your skills and experience in neutral terms, such as “information security professional supporting complex government programs” or “systems engineer experienced in regulated and secure environments”.

Review your online footprint

Clearance holders should proactively:

  • Review LinkedIn, job board profiles, personal websites and professional bios.
  • Remove any statements that confirm or strongly suggest that they hold a security clearance.
  • Avoid posting photos that reveal passes, access cards, building internals or secure locations.
  • Refrain from publicly discussing classified topics, secure facilities or internal processes, even in vague or general terms.

Expect more questions during security checks

Because entities must integrate this into their annual Security Checks, you can expect:

  • Questions about your online presence and professional profiles.
  • Spot checks or audits of publicly available information about you.
  • More emphasis on online behaviour in annual security awareness training.

If you are unsure whether something is acceptable to post, ask your Security Officer or agency security team before making it public.

Report past disclosures

If you realise you have previously disclosed clearance-related information online, you should:

  • Take corrective action (update or remove the content), and
  • Report the issue through your usual security reporting channels or change-of-circumstances processes.

Being proactive and transparent is always preferable to hoping it goes unnoticed.

What Does This Mean for DISP Entities? 

DISP membership already requires Defence Industry entities to maintain strong governance, personnel security, physical security and ICT/cyber security controls. DISP members must appoint a Chief Security Officer (CSO) and a Security Officer (SO) responsible for personnel security governance and clearance management.

PSPF Direction 003-2025 sets a clear expectation that entities working with the Australian Government – including Defence Industry – will align with these requirements as best practice, even if they are not directly bound as non-corporate Commonwealth entities.

Policy and procedure updates

For DISP entities, Security Officers should now be:

  • Updating personnel security policies to explicitly prohibit online publication of clearance information.
  • Defining what employment-related information may be public (e.g. generic titles vs. specific program names or locations).
  • Ensuring policies cover all levels of clearance and all categories of personnel, including contractors and secondees.
  • Aligning internal policies with the PSPF Direction, DISP requirements and Defence’s security expectations.

Integrating into DISP governance

Online disclosure risk should be embedded into existing DISP-aligned practices, including:

  • Designated Security Assessed Positions (DSAP) management, ensuring external position descriptions do not flag clearance requirements or explicit access to classified environments.
  • Security registers and incident logs, capturing any incidents of online disclosure and actions taken.
  • Security education and training, adding modules on online disclosure, foreign interference and OSINT-driven targeting.
  • Internal reporting to executives and Defence, demonstrating ongoing compliance and continuous improvement.

Spot Checks and Inspections of Cleared Personnel 

The Direction requires regular auditing to ensure compliance with the new policy. For DISP entities, this translates into a clear expectation that Security Officers will conduct active and ongoing assurance activities – not simply rely on self-declarations.

Incorporating online checks into security processes

Security Officers should consider incorporating online disclosure checks into:

  • On-boarding – reviewing new starters’ public profiles and CVs for clearance references; providing specific guidance on acceptable and unacceptable wording.
  • Annual security checks – asking personnel to confirm they are not publicly disclosing clearance status and conducting spot checks, especially for those in high-risk positions.
  • Role changes – when personnel move into designated high-risk positions, undertaking targeted checks and issuing reinforced guidance.
  • Exit / off-boarding – reminding departing staff that obligations continue after they leave, and that they must not advertise their clearance or classified work history online.

What to look for in a spot check

When reviewing a clearance holder’s public presence, Security Officers should look for:

  • Explicit references to clearance (Baseline, NV1, NV2, PV, TOP SECRET, AGSVA-cleared, etc.).
  • Descriptions clearly linking the person to classified programs, secure facilities or undeclared locations.
  • Images showing access passes, secure areas or sensitive infrastructure.

Issues should be documented in the security register, discussed with the individual, remediated promptly, and reported to Defence or the vetting agency where required.

Timeline and Next Steps 

Entities should note the following key milestones:

  • Now – Direction in force; planning for policy updates, training enhancements and auditing processes should be underway.
  • By 1 December 2025 – Non-corporate Commonwealth entities must have implemented the policy, training and auditing requirements and reported completion to Home Affairs.
  • 2025–26 PSPF reporting period – Entities must report online disclosure incidents and mitigations to both Home Affairs and their authorised vetting agency.

For Defence Industry and DISP members, it is prudent to assume Defence and other government customers will increasingly expect tangible evidence that your organisation has aligned to this Direction.

Practical Checklist – What You Should Do Now 

If you are a clearance holder

  • Audit your LinkedIn and other public profiles for any reference to security clearances or access to classified material.
  • Remove or re-word content so it no longer confirms or suggests that you hold a clearance.
  • Report any past over-disclosures through your usual security reporting channels and demonstrate corrective action.
  • Engage actively with security awareness training and ask your Security Officer if you are unsure about specific wording.

If you are a DISP entity or Security Officer

  • Update personnel security policies to prohibit online disclosure of clearance information.
  • Integrate online disclosure checks into on-boarding, annual security checks, role changes and off-boarding.
  • Enhance training content to address foreign interference, OSINT-driven targeting and online behaviour.
  • Conduct regular spot checks of cleared personnel’s public profiles, focusing on high-risk positions.
  • Record incidents and mitigations in your security register and be prepared to demonstrate governance to Defence and vetting agencies.

In Summary 

PSPF Direction 003-2025 reinforces a simple but critical principle: holding a security clearance is not a badge to be displayed online. It is a trust relationship that carries ongoing obligations to protect yourself, your organisation and Australia’s national security interests.

For clearance holders, that means tightening your online footprint and being honest and proactive about any past disclosures. For DISP entities and Security Officers, it means updating policies, lifting training, and embedding spot checks and inspections of cleared personnel into routine security governance.

WorkSec’s Trusted Workforce and security governance services can help you interpret PSPF Direction 003-2025 in the context of your risk profile, implement practical controls and assurance activities, and demonstrate to Defence and government customers that your organisation takes personnel security seriously – both offline and online.

Stuart Rainsford
Stuart Rainsford

Managing Director with expertise in Defence, IT, and governance, leading WorkSec to strengthen Australia’s Trusted Workforce.

Share this article
Download:
PSPF Direction 003-2025

Other insights

Gain valuable knowledge from WorkSec’s in-depth articles, case studies, and industry reports. Stay informed on personnel security trends, best practices, and regulatory updates to maintain a competitive advantage.

View all
General
Sat 25 Oct
Cleared Careers Part 2: The Security Cleared Talent Pool

Cleared Careers Part 2: The Security Cleared Talent Pool

Competition for security-cleared talent in Australia’s defence and government sectors is surging, with WorkSec helping candidates navigate eligibility, suitability, and sponsorship to build trusted, cleared careers.

Read more
General
Sat 25 Oct
Cleared Careers Part 1: The Cleared Industry

Cleared Careers Part 1: The Cleared Industry

Teaming and partnering in the defence sector help businesses meet DISP sponsorship and compliance needs with trusted, cleared workforces.

Read more
General
Fri 30 May
Defence Industry Leadership – The Business of Trust

Defence Industry Leadership – The Business of Trust

Trust in defence industry supply chains is at the heart of bolstering our national security.

Read more
General
Thu 29 Feb
Defence Industry Development Strategy

Defence Industry Development Strategy

Trust in defence industry supply chains is at the heart of bolstering our national security.

Read more

Ready to Get Started?

Whether you’re an individual seeking security clearance sponsorship or an organisation needing personnel security governance, reach out to WorkSec today to take the next step in securing your future.

Get Started
Tailored Solutions for:
SMEs DISP Members Recruiters Defence Primes Individuals
Get Started Background

Search our knowledge base

Find fast answers by typing your query below.

Stuart Rainsford

Managing Director
Stuart Rainsford

Stuart is the Managing Director, Chief Security Officer, and Chief Information Security Officer of WorkSec. With more than 20 years of experience in enterprise security, ICT, and Defence, Stuart is a seasoned leader specialising in strategic planning, risk management, and operational excellence. Recognising the critical talent shortage in the Defence Industry, Stuart founded WorkSec to address personnel security governance challenges and strengthen Australia’s sovereign capability.

His career spans executive leadership in IT, cyber security, and Defence, where he has applied his expertise in governance, compliance, and operational oversight to deliver sustainable outcomes. Known as a “strategic activator”, Stuart combines visionary thinking with a decisive, action-oriented approach, ensuring ideas are swiftly transformed into practical results. This skill allows him to navigate complex challenges, drive innovation, and inspire teams to deliver on long-term strategic goals.

Stuart holds a Master’s Degree in Management, a Graduate Certificate in Business Administration, and is a Graduate of the Australian Institute of Company Directors (GAICD) and the Australian Centre for Business Growth. Currently completing his MBA, he has also served as a non-executive board member for several organisations and associations. With his blend of technical insight, governance expertise, and strategic activation, Stuart continues to guide WorkSec in delivering Trusted Workforce solutions that align with Australia’s national security priorities.

Connect with Stuart