The Security Policy Framework (or "SPF") is a set of high-level policies on security, mainly affecting the UK government and its suppliers. These mandatory requirements are a baseline which apply to all UK government departments; higher requirements may apply in some cases. Public-sector bodies are responsible for managing their own technical security risks, but can draw on expertise and guidelines provided by CESG and the Cabinet Office. The Centre for Protection of National Infrastructure also helps protect critical infrastructure. The Ministry of Defence has its own separate policies and systems.