Cyber, critical infrastructure & AI standards — all in one place.
The latest standards, laws and regulations, with curated metadata, mapped controls and expert guidance from 6clicks. Built for GRC, compliance and security teams.
Browse by industry
Browse by sector. Each page shows relevant standards, laws, regulations, and frameworks.
Explore all industriesContent Library
Showing 20 of 102
ISM CCM — Information Security Manual Cloud Controls Matrix Template
The Cloud Controls Matrix (CCM) Template is a comprehensive framework for mapping cloud security controls to industry standards and compliance requirements. It helps organizations assess, implement, and demonstrate effective cloud security practices across diverse environments.
Australian Government • Australia • vJune 2026
ISM SSP — Information Security Manual System Security Plan Annex Template
The System Security Plan (SSP) Annex Template is a structured document used to capture detailed information about an organization’s cyber security controls and implementation. It supports accreditation processes by providing evidence of compliance, risk management, and system-specific security measures.
Australian Government • Australia • vJune 2026
RFFR ISM SoA — Right Fit for Risk Information Security Manual Statement of Applicability
The Right Fit for Risk (RFFR) Statement of Applicability (SoA) is a structured template used to document how organizations meet cyber security accreditation requirements. It outlines applicable controls, their implementation status, and provides assurance of compliance with the RFFR framework.
Australian Government • Australia • vJune 2026
ISM — Information Security Manual
The Australian ISM is the nationally recognized cybersecurity framework developed by the Australian Signals Directorate. It provides organizations with structured guidance to safeguard information and operational technology systems against evolving cyber threats.
Australian Government • Australia • vJune 2026
NIPG — National Identity Proofing Guidelines 2025
The National Identity Proofing Guidelines 2025 provide voluntary, risk-based best-practice guidance for verifying an individual's identity, aligned with Digital ID Accreditation Rules to promote consistency across physical and digital identity verification processes. The guidelines support organizations in strengthening identity-proofing practices, increasing trust through a standardized and transparent approach, and enabling more identity verification activities to be conducted online. By leveraging national identity verification services, organizations can reduce the need to store identity document copies, resulting in lower costs, improved privacy, reduced data breach risks, and stronger protection against identity fraud.
Australian Government • Australia
PRIS Act — Privacy and Responsible Information Sharing Act 2024
The Privacy and Responsible Information Sharing Act 2024 (PRIS Act) establishes a privacy framework for the Western Australian public sector. It introduces Information Privacy Principles (IPPs) and provisions for privacy complaints, privacy impact assessments, and a notifiable information breach scheme.
Government of Western Australia • Western Australia
NIST SP 800-53 Rev. 5.2 — Security and Privacy Controls for Information Systems and Organizations
NIST Special Publication 800-53 Rev. 5 provides a comprehensive catalog of security and privacy controls designed to safeguard organizational operations, assets, and individuals from a broad spectrum of risks including cyberattacks, human mistakes, and natural disasters. It is widely used for implementing security measures as part of risk management frameworks.
NIST (National Institute of Standards and Technology) • United States • v5.2.0
ISO 14001 — ISO 14001:2026 - Environmental management systems
ISO 14001:2026 is the internationally recognized standard for environmental management systems (EMS). It offers a framework for organizations to improve environmental performance through methods including resource optimization, waste management, and stakeholder engagement.
International Organization for Standardization (ISO) • v2026
SOX — Sarbanes-Oxley Act of 2002
The Sarbanes-Oxley Act (SOX) is a U.S. federal law enacted in 2002 to enhance corporate accountability and financial transparency in response to major corporate scandals. It applies to publicly traded companies, mandating stricter financial reporting, internal controls, and governance standards.
US Government • United States
AML/CTF Act — Anti-Money Laundering and Counter-Terrorism Financing Act 2006
This is an Australian law established to prevent money laundering and financing of terrorism. It imposes obligations on certain entities to implement anti-money laundering and counter-terrorism financing measures, including customer due diligence, reporting, and record-keeping.
Australian Government • Australia • vCompilation No. 60, 31 March 2026
AML/CTF Rules — Anti-Money Laundering and Counter-Terrorism Financing Rules 2025
The Anti-Money Laundering and Counter-Terrorism Financing Rules 2025 provide detailed obligations on reporting entities in Australia to prevent financial crimes, including money laundering and terrorism financing. Administered by the Department of Home Affairs, it supports compliance with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.
Australian Government • Australia • vCompilation No. 1, 31 March 2026
India - (DPDP) Rules — India - Digital Personal Data Protection (DPDP) Rules
The Digital Personal Data Protection Rules, 2025 operationalize India’s Digital Personal Data Protection Act, 2023 by establishing detailed requirements for the collection, processing, storage, and protection of digital personal data. The Rules define obligations for organizations handling personal data, including consent management, breach notifications, data retention, and protections for children and vulnerable individuals. They also establish governance mechanisms such as the Data Protection Board and provide a phased implementation timeline for compliance.
Government of India • India • v2025
India - PDPD Act — India - Digital Personal Data Protection (PDPD) Act (Act No. 22 of 2023)
The Digital Personal Data Protection Act, 2023 (Act No. 22 of 2023) establishes India’s legal framework for processing digital personal data while balancing individuals’ privacy rights with lawful data use. The Act defines obligations for organizations handling personal data, grants rights and duties to individuals, and introduces requirements for consent, data protection, and breach accountability. It also establishes the Data Protection Board of India to oversee compliance, adjudication, and enforcement of penalties for violations.
Government of India • India • v2023
Safe & Trusted Internet — Guidelines on Information Security Practices for Government Entities
The Safe & Trusted Internet Guidelines on Information Security Practices for Government Entities, issued by the Indian Computer Emergency Response Team (CERT-In), establish baseline cyber security controls and best practices to help government entities protect ICT infrastructure, systems, networks, and data against evolving cyber threats and strengthen India’s digital security posture.
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India • India
CBK Law — Law No. (32) of 1968 Concerning Currency, The Central Bank of Kuwait and The Regulation of Banking
Law No. (32) of 1968 establishes the legal framework for the establishment and operation of the Central Bank of Kuwait (CBK) and governs currency issuance, banking regulations, and financial supervision within Kuwait. It includes amendments to address evolving economic and regulatory needs.
Central Bank of Kuwait • Kuwait • v2021
PDSP — Protective Data Security Plan (PDSP) Single organisation PDSP form Version 3.7
Victorian public sector bodies are required to report on their information security practices to the Office of the Victorian Information Commissioner (OVIC). This includes submitting Protective Data Security Plans (PDSPs), annual attestations, and notifying OVIC of security incidents as outlined under the Victorian Protective Data Security Framework and Standards (VPDSF, VPDSS).
Office of the Victorian Information Commissioner (OVIC) • Victoria, Australia • v3.7
SOCIA 2018 — Security of Critical Infrastructure Act 2018
The Security of Critical Infrastructure Act 2018 (SOCIA) establishes a regulatory framework for managing national security risks to Australia’s critical infrastructure sectors. It introduces statutory obligations, reporting requirements, and oversight mechanisms for critical assets.
Australian Department of Home Affairs • Australia • vNo. 29, 2018
Privacy Act
The Privacy Act of Canada governs the collection, use, retention, and disclosure of personal information by federal government institutions. It ensures that individuals have the right to access and correct their personal information held by the government.
Government of Canada • Canada
National Greenhouse and Energy Reporting Act 2007
The National Greenhouse and Energy Reporting Act 2007 establishes a national framework for corporations to report their greenhouse gas emissions, energy production, and energy consumption. It aims to improve data transparency and inform government policy on climate change.
Australian Government • Australia
Fair Work Regulations 2009
The Fair Work Regulations 2009 provide detailed legislative backing to the Fair Work Act 2009, outlining the operational rules and requirements for employment relationships, industrial agreements, and workplace standards in Australia. It includes rules on employer obligations, employee protections, and compliance mechanisms.
Department of Employment and Workplace Relations (DEWR) • Australia
Ready to manage these frameworks?
6clicks maps regulations to controls, evidence and risks — automatically.