Cyber, critical infrastructure & AI standards — all in one place.

The latest standards, laws and regulations, with curated metadata, mapped controls and expert guidance from 6clicks. Built for GRC, compliance and security teams.

Browse by industry

Browse by sector. Each page shows relevant standards, laws, regulations, and frameworks.

Explore all industries

Content Library

Showing 20 of 51

CybersecurityGuideline

IS18 — Information and Cyber Security Policy (IS18)

The Information and Cyber Security Policy (IS18) is a policy framework established by the Queensland Government to enhance information security and organizational resilience. It mandates the implementation of ISO 27001-based ISMS, systematic risk management, and compliance with the Australian Signals Directorate's Essential Eight Strategies for all Queensland Government agencies.

Queensland Government • Queensland, Australia • v9.0.0

View details
CybersecurityFramework

CSA IoT Controls — CSA IoT Security Controls Framework

The CSA IoT Security Controls Framework provides essential security controls to mitigate risks in IoT systems that include various connected devices, cloud services, and networks. It is designed to apply to a range of IoT systems, from handling low-value data to supporting critical services.

Cloud Security Alliance (CSA) • v2

View details
GRCStandardControl set

ISO 45001 — ISO 45001:2018 - Occupational Health and Safety Management Systems — Requirements with Guidance for Use

ISO 45001:2018 is an international standard that specifies requirements for an occupational health and safety (OH&S) management system. It helps organizations improve workplace safety, reduce risks, and enhance overall OH&S performance.

International Organization for Standardization (ISO) • v2018

View details
GRCRegulation

EU 2016/1675 — Commission Delegated Regulation (EU) 2016.1675 on High Risk Third Countries

This regulation identifies high-risk third countries with strategic deficiencies in the area of anti-money laundering (AML) and countering the financing of terrorism (CFT). It supplements Directive (EU) 2015/849, providing a legal framework for such identifications.

European Commission • European Union • v14 July 2016

View details
GRCFrameworkControl set

COBIT 2019 — COBIT 2019 Framework

The COBIT 2019 Framework, developed by ISACA, is a globally recognized standard for optimizing enterprise IT governance and management. It provides flexible, detailed guidance for organizations aiming to achieve effective governance over information and technology.

ISACA • v2019

View details
CybersecurityRegulation

NSW Cyber Security Policy

The NSW Cyber Security Policy outlines mandatory requirements that all NSW Government agencies must follow to ensure the effective management of cyber security risks to government information and systems. It mandates annual reporting by agencies and includes policy directives related to incident management, risk assessment, and compliance.

Cyber Security NSW • New South Wales, Australia

View details
CybersecurityFramework

AESCSF v2 Core — Australian Energy Sector Cyber Security Framework

The Australian Energy Sector Cyber Security Framework (AESCSF) provides a structured approach for managing cybersecurity risks specific to the energy sector. Version 2 introduces updates and refinements to address evolving threats and ensure resilience.

Australian Energy Market Operator (AEMO) • Australia • v2.0

View details
CybersecurityGuideline

BSI IT-Grundschutz-Compendium Edition 2022

The BSI IT-Grundschutz-Compendium Edition 2022 is a comprehensive cybersecurity guideline published by the German Federal Office for Information Security (BSI). It provides a structured methodology for implementing information security in organizations based on standardized modules and best practices.

Federal Office for Information Security (BSI) • Germany • v2022

View details
Critical InfrastructureRegulation

Commission Implementing Regulation (EU) 2023/203

This regulation outlines requirements for the management of information security risks that could impact aviation safety. It applies to organisations and competent authorities operating in the aviation sector to ensure secure operations.

European Union Aviation Safety Agency (EASA) • European Union • v2023/203

View details
CybersecurityStandard

ITSP.10.171 — Protecting Specified Information in Non-Government of Canada Systems and Organizations

ITSP.10.171 sets out security requirements for protecting 'specified information' when it resides in non-Government of Canada systems or organizations. It aligns with NIST standards but adapts them to the Canadian regulatory environment.

Canadian Centre for Cyber Security • Canada • vFirst release

View details
AIRegulation

EU AI Act — EU Artificial Intelligence Act

The EU AI Act (Regulation (EU) 2024/1689) is the world’s first comprehensive law regulating artificial intelligence. It establishes a risk-based framework that classifies AI systems into four categories—unacceptable, high-risk, limited-risk, and minimal-risk—with stricter obligations applied to higher-risk systems.

European Union • European Union • vJanuary 2024

View details
CybersecurityFramework

SCF — Secure Controls Framework

The Secure Controls Framework (SCF) is a comprehensive, free cybersecurity and data privacy metaframework designed to simplify compliance and build secure, resilient organizations. It unifies control sets to simultaneously meet compliance requirements across multiple laws, regulations, and frameworks.

Secure Controls Framework (SCF) Council • v2026.1.1

View details
CybersecurityStandard

ADHICS — Abu Dhabi Healthcare Information and Cyber Security Standard

The AAMEN programme ensures that all healthcare facilities in Abu Dhabi comply with information security and data privacy standards to safeguard patient data. It incorporates the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS) and aims to enhance cybersecurity governance, resilience, and innovation in the healthcare sector.

Department of Health Abu Dhabi • Abu Dhabi, United Arab Emirates • v2

View details
GRCStandard

CPS 231 — Prudential Standard CPS 231 Outsourcing

The Prudential Standard CPS 231 establishes requirements for outsourcing arrangements by financial institutions regulated by the Australian Prudential Regulation Authority (APRA). It aims to ensure that risks associated with outsourcing are effectively managed.

Australian Prudential Regulation Authority (APRA) • Australia

View details
CybersecurityStandard

UAE IA V2 — UAE Information Assurance Standard Version 2

The UAE Information Assurance Standard Version 2 (UAE IA V2) is a national cybersecurity framework issued by the UAE Cyber Security Council in 2025. It builds upon the previous version with updated controls and integrations to address modern technologies, such as AI/ML, IoT, cloud, and post-quantum cryptography.

UAE Cyber Security Council • United Arab Emirates • v2.0

View details
CybersecurityStandard

VPDSS 2.0 — Victorian Protective Data Security Standards V2.0

The Victorian Protective Data Security Standards (VPDSS) establish 12 high-level mandatory requirements for the protection of public sector information in Victoria, Australia. These requirements cover governance, information, personnel, ICT, and physical security, focusing on a risk-managed approach tailored to the Victorian government context.

Office of the Victorian Information Commissioner (OVIC) • Victoria, Australia • v2.0

View details
AIStandard

AIUC-1 — AIUC-1

AIUC-1 is a standard focused on the security, safety, and reliability of AI agents used in enterprises. It addresses risks related to data privacy, security, accountability, and societal concerns while providing certification for compliant organizations.

Artificial Intelligence Underwriting Company (AIUC) • vApril 15, 2026

View details
CybersecurityGuideline

NIST SP 800-39 — NIST Special Publication 800-39 - Managing Information Security Risk: Organization, Mission, and Information System View

NIST SP 800-39 provides guidance for developing an organization-wide program to manage information security risk. It introduces a structured yet flexible framework for assessing, responding to, and monitoring risks associated with federal information systems.

National Institute of Standards and Technology (NIST) • United States

View details
Critical InfrastructureGuideline

NIST SP 800-82 Rev. 3 — NIST Special Publication 800-02 Rev. 3 - Guide to Operational Technology (OT) Security

This document provides guidance on securing operational technology (OT) systems, which include programmable devices interacting with the physical environment. It addresses unique performance, reliability, and safety requirements, identifies threats, and recommends security measures.

National Institute of Standards and Technology (NIST) • United States • vRevision 3

View details
CybersecurityGuideline

NIST SP 800-161 Rev. 1 — NIST Special Publication 800-161 Rev. 1 - Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations

This publication provides guidance on identifying, assessing, and mitigating cybersecurity risks throughout the supply chain. It integrates Cybersecurity Supply Chain Risk Management (C-SCRM) practices into organizational risk management processes.

National Institute of Standards and Technology (NIST) • United States • vRev. 1, Update 1

View details

Ready to manage these frameworks?

6clicks maps regulations to controls, evidence and risks — automatically.

Book your strategy call