Cyber, critical infrastructure & AI standards — all in one place.

The latest standards, laws and regulations, with curated metadata, mapped controls and expert guidance from 6clicks. Built for GRC, compliance and security teams.

Content Library

GRC • Standard • Control set

ISO 45001 — ISO 45001:2018 - Occupational Health and Safety Management Systems — Requirements with Guidance for Use

ISO 45001:2018 is an international standard that specifies requirements for an occupational health and safety (OH&S) management system. It helps organizations improve workplace safety, reduce risks, and enhance overall OH&S performance.

International Organization for Standardization (ISO) • v2018

Privacy • Law

UAE Personal Data Protection Law — Federal Decree Law No. 45 of 2021 Regarding the Protection of Personal Data

The UAE Personal Data Protection Law establishes an integrated framework to ensure the confidentiality of information and protect individual privacy in the UAE. It governs the processing of personal data, defines the rights of data owners, sets requirements for cross-border data transfer, and outlines obligations for businesses handling personal data.

UAE Data Office • United Arab Emirates • v20 Sep 2021

GRC • Regulation

EU 2016/1675 — Commission Delegated Regulation (EU) 2016/1675 on High Risk Third Countries

This regulation identifies high-risk third countries with strategic deficiencies in the area of anti-money laundering (AML) and countering the financing of terrorism (CFT). It supplements Directive (EU) 2015/849, providing a legal framework for such identifications.

European Commission • European Union • v14 July 2016

Cybersecurity • Framework

CMMC — Cybersecurity Maturity Model Certification

The Cybersecurity Maturity Model Certification (CMMC) Assessment Guide defines how organizations are evaluated for compliance with cybersecurity requirements when working with the U.S. Department of Defense. It outlines assessment methods, evidence expectations, and control validation aligned with standards like NIST SP 800-171. The guide ensures consistent and rigorous verification of an organization’s ability to protect sensitive information.

US Government • United States • v2.13

GRC • Standard

SPS 521 — Prudential Standard SPS 521 - Conflicts of Interest

Prudential Standard SPS 521 is a legislative instrument under the Superannuation Industry (Supervision) Act 1993. It sets requirements for superannuation entities in Australia to appropriately manage conflicts of interest to ensure compliance and trust in their operations.

Australian Prudential Regulation Authority (APRA) • Australia

GRC • Standard

SPS 310 — Prudential Standard SPS 310 Audit and Related Matters

Prudential Standard SPS 310 establishes requirements for conducting audits and related matters for the superannuation industry in Australia. It ensures compliance with financial reporting and auditing practices in accordance with regulatory standards.

Australian Prudential Regulation Authority (APRA) • Australia

Critical Infrastructure • Law

Renewable Energy (Electricity) Act 2000

The Renewable Energy (Electricity) Act 2000 establishes a legal framework to encourage the generation of electricity from renewable energy sources in Australia. It creates a system for renewable energy certificates and mandates a Renewable Power Percentage to ensure participation by electricity retailers.

Australian Government • Australia

Cybersecurity • Framework

FSSCP — The Financial Services Sector Cybersecurity Profile

The Financial Services Sector Cybersecurity Profile is a scalable and extensible assessment tool designed to help financial institutions manage cyber risks and demonstrate regulatory compliance. It is based on the NIST Cybersecurity Framework and offers a tailored approach to streamline cybersecurity assessments globally.

Financial Services Sector Coordinating Council (FSSCC) • Global

Critical Infrastructure • Law

Ozone Protection and Synthetic Greenhouse Gas Management Act 1989

The Ozone Protection and Synthetic Greenhouse Gas Management Act 1989 is Australian legislation designed to manage the use, import, and export of ozone-depleting substances (ODS) and synthetic greenhouse gases (SGGs). It aligns with Australia's obligations under the Montreal Protocol, emphasizing environmental protection through licensing, quotas, and controls on substances and equipment.

Australian Government • Australia • v7, 1989

GRC • Regulation

Corporations Regulations 2001 — Corporations Regulations 2001

The Corporations Regulations 2001 is a set of legislative rules in Australia that provide detailed regulations supporting the Corporations Act 2001. It governs key aspects of corporate governance, financial reporting, and administration within Australian companies.

Australian Government • Australia • v01 January 2022

Cybersecurity • Standard

ITSP.10.171 — Protecting Specified Information in Non-Government of Canada Systems and Organizations

ITSP.10.171 sets out security requirements for protecting 'specified information' when it resides in non-Government of Canada systems or organizations. It aligns with NIST standards but adapts them to the Canadian regulatory environment.

Canadian Centre for Cyber Security • Canada • vFirst release

Cybersecurity • Framework

SCF — Secure Controls Framework

The Secure Controls Framework (SCF) is a comprehensive, free cybersecurity and data privacy metaframework designed to simplify compliance and build secure, resilient organizations. It unifies control sets to simultaneously meet compliance requirements across multiple laws, regulations, and frameworks.

Secure Controls Framework (SCF) Council • v2026.1.1

Cybersecurity • Standard

ADHICS — Abu Dhabi Healthcare Information and Cyber Security Standard

The AAMEN programme ensures that all healthcare facilities in Abu Dhabi comply with information security and data privacy standards to safeguard patient data. It incorporates the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS) and aims to enhance cybersecurity governance, resilience, and innovation in the healthcare sector.

Department of Health Abu Dhabi • Abu Dhabi, United Arab Emirates • v2

GRC • Standard

CPS 231 — Prudential Standard CPS 231 Outsourcing

The Prudential Standard CPS 231 establishes requirements for outsourcing arrangements by financial institutions regulated by the Australian Prudential Regulation Authority (APRA). It aims to ensure that risks associated with outsourcing are effectively managed.

Australian Prudential Regulation Authority (APRA) • Australia

GRC • Guideline

RG 1 — RG 1 Applying for and varying an AFS licence

This regulatory guide provides details on the process for applying for and varying an Australian Financial Services (AFS) licence. It outlines ASIC’s approach to assessing applications and the required documentation for submission.

Australian Securities and Investments Commission (ASIC) • Australia

GRC • Guideline

RG 271 — RG 271 Internal Dispute Resolution

This regulatory guide outlines enforceable standards and requirements for internal dispute resolution (IDR) systems for financial firms in Australia. It specifies the obligations these firms must meet to comply with ASIC's IDR standards.

Australian Securities and Investments Commission (ASIC) • Australia

GRC • Guideline

RG 274 — RG 274 Product Design and Distribution Obligations

This guide, issued by ASIC, outlines obligations for issuers and distributors of financial products under Part 7.8A of the Corporations Act. It provides ASIC's interpretation, expectations for compliance, and approach for administering these obligations.

Australian Securities and Investments Commission (ASIC) • Australia

Cybersecurity • Guideline

NIST SP 800-171A Rev. 3 — NIST Special Publication 800-171A Rev. 3 - Assessing Security Requirements for Controlled Unclassified Information

This publication provides a methodology and assessment procedures for evaluating security requirements associated with the protection of Controlled Unclassified Information (CUI). It supports compliance with NIST SP 800-171 in nonfederal systems and organizations.

National Institute of Standards and Technology (NIST) • United States • vRevision 3

GRC • Guideline

RG 133 — RG 133 Funds Management and Custodial Services: Holding Assets

RG 133 outlines the Australian financial services (AFS) licence obligations for entities involved in managing and holding client assets. It sets minimum standards that apply to responsible entities of registered managed investment schemes, licensed custody providers, MDA providers, and IDPS operators.

Australian Securities and Investments Commission (ASIC) • Australia

Privacy • Regulation

GDPR — General Data Protection Regulation

The General Data Protection Regulation (GDPR) is a comprehensive data protection law enacted by the European Union to harmonize privacy regulations across member states. It governs the processing of personal data by organizations operating within the EU and those outside the EU that target EU residents.

European Parliament and Council of the European Union • European Union
