Cyber, critical infrastructure & AI standards — all in one place.
The latest standards, laws and regulations, with curated metadata, mapped controls and expert guidance from 6clicks. Built for GRC, compliance and security teams.
Browse by industry
Browse by sector. Each page shows relevant standards, laws, regulations, and frameworks.
Explore all industriesContent Library
Showing 20 of 61
Cyber Essentials Mark — CSA Cybersecurity Certification: Cyber Essentials Mark
The Cyber Essentials (2025) certification is a cybersecurity certification scheme developed by the Cyber Security Agency (CSA) of Singapore. It provides a framework for organisations to enhance their cybersecurity posture, covering areas like classical cybersecurity, cloud security, OT security, and AI security.
Cyber Security Agency of Singapore (CSA) • Singapore • v 04-2025 (Second edition)
BSI IT-Grundschutz-Compendium Edition 2022
The BSI IT-Grundschutz-Compendium Edition 2022 is a comprehensive cybersecurity guideline published by the German Federal Office for Information Security (BSI). It provides a structured methodology for implementing information security in organizations based on standardized modules and best practices.
Federal Office for Information Security (BSI) • Germany • v2022
Consumer Data Right — Competition and Consumer (Consumer Data Right) Rules 2021
The Competition and Consumer (Consumer Data Right) Rules 2021 outline regulations for implementing Australia's Consumer Data Right (CDR) framework. They establish rules for data sharing, privacy safeguards, accreditation of data recipients, and dispute resolution processes.
Department of the Treasury • Australia
Commission Implementing Regulation (EU) 2023/203
This regulation outlines requirements for the management of information security risks that could impact aviation safety. It applies to organisations and competent authorities operating in the aviation sector to ensure secure operations.
European Union Aviation Safety Agency (EASA) • European Union • v2023/203
ITSP.10.171 — Protecting Specified Information in Non-Government of Canada Systems and Organizations
ITSP.10.171 sets out security requirements for protecting 'specified information' when it resides in non-Government of Canada systems or organizations. It aligns with NIST standards but adapts them to the Canadian regulatory environment.
Canadian Centre for Cyber Security • Canada • vFirst release
Baseline Cyber Security Controls for Small and Medium Organizations
The Baseline Cyber Security Controls for Small and Medium Organizations provides guidance from the Canadian Centre for Cyber Security to improve the resilience of smaller organizations through focused cybersecurity measures. It applies the 80/20 rule, aiming to achieve significant cybersecurity benefits with minimal effort.
Canadian Centre for Cyber Security • Canada • v1.2
SCF — Secure Controls Framework
The Secure Controls Framework (SCF) is a comprehensive, free cybersecurity and data privacy metaframework designed to simplify compliance and build secure, resilient organizations. It unifies control sets to simultaneously meet compliance requirements across multiple laws, regulations, and frameworks.
Secure Controls Framework (SCF) Council • v2026.1.1
Cyber Essentials v3.2 — Cyber Essentials Requirements for IT Infrastructure
Cyber Essentials is a UK government-backed scheme focused on protecting IT infrastructure from common cyber threats. Version 3.2 outlines updated security controls and practices.
UK National Cyber Security Centre (NCSC) • United Kingdom • v3.2
ADHICS — Abu Dhabi Healthcare Information and Cyber Security Standard
The AAMEN programme ensures that all healthcare facilities in Abu Dhabi comply with information security and data privacy standards to safeguard patient data. It incorporates the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS) and aims to enhance cybersecurity governance, resilience, and innovation in the healthcare sector.
Department of Health Abu Dhabi • Abu Dhabi, United Arab Emirates • v2
UAE IA V2 — UAE Information Assurance Standard Version 2
The UAE Information Assurance Standard Version 2 (UAE IA V2) is a national cybersecurity framework issued by the UAE Cyber Security Council in 2025. It builds upon the previous version with updated controls and integrations to address modern technologies, such as AI/ML, IoT, cloud, and post-quantum cryptography.
UAE Cyber Security Council • United Arab Emirates • v2.0
VPDSS 2.0 — Victorian Protective Data Security Standards V2.0
The Victorian Protective Data Security Standards (VPDSS) establish 12 high-level mandatory requirements for the protection of public sector information in Victoria, Australia. These requirements cover governance, information, personnel, ICT, and physical security, focusing on a risk-managed approach tailored to the Victorian government context.
Office of the Victorian Information Commissioner (OVIC) • Victoria, Australia • v2.0
AIUC-1 — AIUC-1
AIUC-1 is a standard focused on the security, safety, and reliability of AI agents used in enterprises. It addresses risks related to data privacy, security, accountability, and societal concerns while providing certification for compliant organizations.
Artificial Intelligence Underwriting Company (AIUC) • vApril 15, 2026
NIST SP 800-39 — NIST Special Publication 800-39 - Managing Information Security Risk: Organization, Mission, and Information System View
NIST SP 800-39 provides guidance for developing an organization-wide program to manage information security risk. It introduces a structured yet flexible framework for assessing, responding to, and monitoring risks associated with federal information systems.
National Institute of Standards and Technology (NIST) • United States
NIST SP 800-82 Rev. 3 — NIST Special Publication 800-02 Rev. 3 - Guide to Operational Technology (OT) Security
This document provides guidance on securing operational technology (OT) systems, which include programmable devices interacting with the physical environment. It addresses unique performance, reliability, and safety requirements, identifies threats, and recommends security measures.
National Institute of Standards and Technology (NIST) • United States • vRevision 3
NIST SP 800-171A Rev. 3 — NIST Special Publication 800-171A Rev. 3 - Assessing Security Requirements for Controlled Unclassified Information
This publication provides a methodology and assessment procedures for evaluating security requirements associated with the protection of Controlled Unclassified Information (CUI). It supports compliance with NIST SP 800-171 in nonfederal systems and organizations.
National Institute of Standards and Technology (NIST) • United States • vRevision 3
NIST SP 800-161 Rev. 1 — NIST Special Publication 800-161 Rev. 1 - Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations
This publication provides guidance on identifying, assessing, and mitigating cybersecurity risks throughout the supply chain. It integrates Cybersecurity Supply Chain Risk Management (C-SCRM) practices into organizational risk management processes.
National Institute of Standards and Technology (NIST) • United States • vRev. 1, Update 1
NIST CSF 2.0 — NIST Cybersecurity Framework 2.0
The NIST Cybersecurity Framework 2.0 is a comprehensive framework to help organizations manage and reduce cybersecurity risks. It provides guidelines, tools, and resources for improving cybersecurity practices across diverse sectors.
National Institute of Standards and Technology (NIST) • United States • v2.0
GDPR — General Data Protection Regulation
The General Data Protection Regulation (GDPR) is a comprehensive data protection law enacted by the European Union to harmonize privacy regulations across member states. It governs the processing of personal data by organizations operating within the EU and those outside the EU that target EU residents.
European Parliament and Council of the European Union • European Union
CPG 234 — CPG 234 Information Security
This standard provides information security guidance for Australian financial institutions regulated by APRA. It aims to ensure operational resilience and protect against information security threats.
Australian Prudential Regulation Authority (APRA) • Australia • vJune 2019
ISO/IEC 27001:2013 — ISO/IEC 27001:2013 - Information technology — Security techniques — Information security management systems — Requirements
ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). It also includes guidelines for assessing and addressing information security risks in organizations.
ISO/IEC • Global • v2013
Ready to manage these frameworks?
6clicks maps regulations to controls, evidence and risks — automatically.