Cyber, critical infrastructure & AI standards — all in one place.

The latest standards, laws and regulations, with curated metadata, mapped controls and expert guidance from 6clicks. Built for GRC, compliance and security teams.

Browse by industry

Browse by sector. Each page shows relevant standards, laws, regulations, and frameworks.

Explore all industries

Content Library

Showing 20 of 61

CybersecurityFramework

C2M2 — Cybersecurity Capability Maturity Model

The Cybersecurity Capability Maturity Model (C2M2) is a tool developed by the U.S. Department of Energy to help organizations evaluate and enhance their cybersecurity capabilities. It focuses on both IT and OT environments, offering a structured framework of over 350 practices organized into 10 domains.

U.S. Department of Energy • United States • v2.1

View details
CybersecurityControl set

ECC 2-2024 — Essential Cybersecurity Controls

The Essential Cybersecurity Controls (ECC 2-2024) aim to enhance cybersecurity at the national level in Saudi Arabia. They provide policies and controls to protect the information and technological assets of national entities.

National Cybersecurity Authority • Kingdom of Saudi Arabia • v2-2024

View details
CybersecurityControl set

DCC-1:2022 — Data Cybersecurity Controls

The Data Cybersecurity Controls (DCC-1:2022) establish minimum cybersecurity requirements to protect data throughout its lifecycle. Issued by the Saudi National Cybersecurity Authority, the controls build on existing cybersecurity frameworks to enhance the Kingdom's overall cybersecurity maturity.

National Cybersecurity Authority (NCA) • Kingdom of Saudi Arabia • v1:2022

View details
CybersecurityControl set

CIS Controls v8.1 — CIS Critical Security Controls Version 8.1

The CIS Critical Security Controls Version 8.1 is a prioritized set of cybersecurity best practices designed to defend against common cyber threats to systems and networks. It includes updates to align with evolving industry standards and frameworks, such as NIST CSF 2.0.

Center for Internet Security (CIS) • v8.1

View details
CybersecurityStandardFramework

CCM v4.0 — Cloud Controls Matrix v4.0

The Cloud Controls Matrix (CCM) v4 is a meta-framework of cloud-specific security controls designed to provide clarity and structure for information security in cloud computing environments. It includes mappings to leading standards, best practices, and regulations.

Cloud Security Alliance (CSA) • v4.0

View details
CybersecurityGuideline

IS18 — Information and Cyber Security Policy (IS18)

The Information and Cyber Security Policy (IS18) is a policy framework established by the Queensland Government to enhance information security and organizational resilience. It mandates the implementation of ISO 27001-based ISMS, systematic risk management, and compliance with the Australian Signals Directorate's Essential Eight Strategies for all Queensland Government agencies.

Queensland Government • Queensland, Australia • v9.0.0

View details
CybersecurityFramework

CSA IoT Controls — CSA IoT Security Controls Framework

The CSA IoT Security Controls Framework provides essential security controls to mitigate risks in IoT systems that include various connected devices, cloud services, and networks. It is designed to apply to a range of IoT systems, from handling low-value data to supporting critical services.

Cloud Security Alliance (CSA) • v2

View details
CybersecurityStandardControl set

PCI DSS — PCI Data Security Standard (PCI DSS)

The PCI Data Security Standard (PCI DSS) is a global security standard designed to protect payment card account data. It establishes technical and operational security requirements for organizations that handle cardholder data.

PCI Security Standards Council • v4.x

View details
Critical InfrastructureRegulation

EU Regulation 2022/1645 — Commission Delegated Regulation (EU) 2022/1645

EU Regulation 2022/1645 establishes mandatory cybersecurity management requirements for Part 21 Design Organisations (DOs) and Production Organisations (POs) in the aviation sector. It introduces the implementation of an Information Security Management System (ISMS) to protect critical systems, data, and processes from cyber threats.

European Commission • European Union

View details
CybersecurityStandard

OWASP ASVS — OWASP Application Security Verification Standard

The OWASP Application Security Verification Standard (ASVS) is an open standard for testing and verifying the security of web applications. It provides developers with a comprehensive list of requirements for secure development and helps establish confidence in application security.

OWASP Foundation • v4.0.2

View details
GRCFrameworkControl set

COBIT 2019 — COBIT 2019 Framework

The COBIT 2019 Framework, developed by ISACA, is a globally recognized standard for optimizing enterprise IT governance and management. It provides flexible, detailed guidance for organizations aiming to achieve effective governance over information and technology.

ISACA • v2019

View details
CybersecurityFramework

CMMC — Cybersecurity Maturity Model Certification

The Cybersecurity Maturity Model Certification (CMMC) Assessment Guide defines how organizations are evaluated for compliance with cybersecurity requirements when working with the U.S. Department of Defense. It outlines assessment methods, evidence expectations, and control validation aligned with standards like NIST SP 800-171. The guide ensures consistent and rigorous verification of an organization’s ability to protect sensitive information.

US Government • United States • v2.13

View details
CybersecurityFrameworkControl set

SOC2 — SOC2 Trusted Services Criteria

SOC 2 is a framework for managing and reporting on controls at service organizations relevant to security, availability, processing integrity, confidentiality, and privacy. It aims to provide detailed information and assurance to stakeholders about how these controls are implemented to protect user data.

American Institute of Certified Public Accountants (AICPA) • United States

View details
CybersecurityFramework

FSSCP — The Financial Services Sector Cybersecurity Profile

The Financial Services Sector Cybersecurity Profile is a scalable and extensible assessment tool designed to help financial institutions manage cyber risks and demonstrate regulatory compliance. It is based on the NIST Cybersecurity Framework and offers a tailored approach to streamline cybersecurity assessments globally.

Financial Services Sector Coordinating Council (FSSCC) • Global

View details
CybersecurityStandard

SMB1001 — SMB1001 Cybersecurity Standard

The SMB1001 Cybersecurity Standard provides small and medium-sized businesses, including law firms, with a clear and achievable framework to enhance their cybersecurity defenses and demonstrate due diligence. It aims to help practitioners protect client confidentiality, reduce cyber risks, and meet stakeholder requirements.

Dynamic Standards International (DSI) • Australia • v2026

View details
CybersecurityFramework

QCF — Qatar Cybersecurity Framework

The Qatar Cybersecurity Framework (QCF) provides structured guidelines to help organizations manage and strengthen their cybersecurity practices across governance, risk, protection, detection, response, and recovery. It promotes a proactive, coordinated approach to mitigating cyber threats while enhancing national and organizational resilience.

Qatar National Cyber Security Committee (NCSC) • Qatar

View details
PrivacyLaw

Qatar PDPPL — Qatar Personal Data Privacy Protection Law (Law No. (13) of 2016)

The Qatar Personal Data Privacy Protection Law (PDPPL), formally Law No. 13 of 2016, is the primary data protection framework in Qatar. It governs how organizations collect, process, store, transfer, and secure personal data belonging to individuals in the country.

Qatar National Cyber Security Agency (NCSA) • Qatar

View details
CybersecurityRegulation

NSW Cyber Security Policy

The NSW Cyber Security Policy outlines mandatory requirements that all NSW Government agencies must follow to ensure the effective management of cyber security risks to government information and systems. It mandates annual reporting by agencies and includes policy directives related to incident management, risk assessment, and compliance.

Cyber Security NSW • New South Wales, Australia

View details
CybersecurityFramework

AESCSF v2 Core — Australian Energy Sector Cyber Security Framework

The Australian Energy Sector Cyber Security Framework (AESCSF) provides a structured approach for managing cybersecurity risks specific to the energy sector. Version 2 introduces updates and refinements to address evolving threats and ensure resilience.

Australian Energy Market Operator (AEMO) • Australia • v2.0

View details
PrivacyLaw

Privacy and Data Protection Act 2014 — Privacy and Data Protection Act 2014 Version No. 032

The Privacy and Data Protection Act 2014 establishes a framework for protecting personal information and ensuring data security within the State of Victoria, Australia. It sets out responsibilities for Victorian public sector agencies regarding personal data handling and protections.

Victorian Government • Victoria, Australia • version No. 032

View details

Ready to manage these frameworks?

6clicks maps regulations to controls, evidence and risks — automatically.

Book your strategy call