The Security Policy Framework (or "SPF") is a set of high-level policies on security, mainly affecting the UK government and its suppliers.
Version 11 was published in October 2013; it has 20 "Mandatory Requirements" grouped into four policy areas.
[4] Public-sector bodies are responsible for managing their own technical security risks, but can draw on expertise and guidelines provided by CESG and the Cabinet Office.
[5] The Ministry of Defence has its own separate policies and systems.
The SPF superseded the Manual of Protective Security.