Cyber, critical infrastructure & AI standards — all in one place.
The latest standards, laws and regulations, with curated metadata, mapped controls and expert guidance from 6clicks. Built for GRC, compliance and security teams.
Browse by industry
Browse by sector. Each page shows relevant standards, laws, regulations, and frameworks.
Explore all industriesContent Library
Showing 20 of 91
CPS 231 — Prudential Standard CPS 231 Outsourcing
The Prudential Standard CPS 231 establishes requirements for outsourcing arrangements by financial institutions regulated by the Australian Prudential Regulation Authority (APRA). It aims to ensure that risks associated with outsourcing are effectively managed.
Australian Prudential Regulation Authority (APRA) • Australia
RG 1 — RG 1 Applying for and varying an AFS licence
This regulatory guide provides details on the process for applying for and varying an Australian Financial Services (AFS) licence. It outlines ASIC’s approach to assessing applications and the required documentation for submission.
Australian Securities and Investments Commission (ASIC) • Australia
UAE IA V2 — UAE Information Assurance Standard Version 2
The UAE Information Assurance Standard Version 2 (UAE IA V2) is a national cybersecurity framework issued by the UAE Cyber Security Council in 2025. It builds upon the previous version with updated controls and integrations to address modern technologies, such as AI/ML, IoT, cloud, and post-quantum cryptography.
UAE Cyber Security Council • United Arab Emirates • v2.0
RG 271 — RG 271 Internal Dispute Resolution
This regulatory guide outlines enforceable standards and requirements for internal dispute resolution (IDR) systems for financial firms in Australia. It specifies the obligations these firms must meet to comply with ASIC's IDR standards.
Australian Securities and Investments Commission (ASIC) • Australia
RG 274 — RG 274 Product Design and Distribution Obligations
This guide, issued by ASIC, outlines obligations for issuers and distributors of financial products under Part 7.8A of the Corporations Act. It provides ASIC's interpretation, expectations for compliance, and approach for administering these obligations.
Australian Securities and Investments Commission (ASIC) • Australia
VPDSS 2.0 — Victorian Protective Data Security Standards V2.0
The Victorian Protective Data Security Standards (VPDSS) establish 12 high-level mandatory requirements for the protection of public sector information in Victoria, Australia. These requirements cover governance, information, personnel, ICT, and physical security, focusing on a risk-managed approach tailored to the Victorian government context.
Office of the Victorian Information Commissioner (OVIC) • Victoria, Australia • v2.0
AIUC-1 — AIUC-1
AIUC-1 is a standard focused on the security, safety, and reliability of AI agents used in enterprises. It addresses risks related to data privacy, security, accountability, and societal concerns while providing certification for compliant organizations.
Artificial Intelligence Underwriting Company (AIUC) • vApril 15, 2026
RG 181 — RG 181 AFS licensing: Managing conflicts of interest
This regulatory guide outlines the legal obligations under the Corporations Act for Australian financial services (AFS) licensees to have adequate arrangements to manage conflicts of interest. It provides specific guidance on identifying conflicts, implementing effective arrangements, and managing conflicts using appropriate tools.
Australian Securities and Investments Commission (ASIC) • Australia
NIST SP 800-39 — NIST Special Publication 800-39 - Managing Information Security Risk: Organization, Mission, and Information System View
NIST SP 800-39 provides guidance for developing an organization-wide program to manage information security risk. It introduces a structured yet flexible framework for assessing, responding to, and monitoring risks associated with federal information systems.
National Institute of Standards and Technology (NIST) • United States
NIST SP 800-82 Rev. 3 — NIST Special Publication 800-02 Rev. 3 - Guide to Operational Technology (OT) Security
This document provides guidance on securing operational technology (OT) systems, which include programmable devices interacting with the physical environment. It addresses unique performance, reliability, and safety requirements, identifies threats, and recommends security measures.
National Institute of Standards and Technology (NIST) • United States • vRevision 3
NIST SP 800-171A Rev. 3 — NIST Special Publication 800-171A Rev. 3 - Assessing Security Requirements for Controlled Unclassified Information
This publication provides a methodology and assessment procedures for evaluating security requirements associated with the protection of Controlled Unclassified Information (CUI). It supports compliance with NIST SP 800-171 in nonfederal systems and organizations.
National Institute of Standards and Technology (NIST) • United States • vRevision 3
RG 133 — RG 133 Funds Management and Custodial Services: Holding Assets
RG 133 outlines the Australian financial services (AFS) licence obligations for entities involved in managing and holding client assets. It sets minimum standards that apply to responsible entities of registered managed investment schemes, licensed custody providers, MDA providers, and IDPS operators.
Australian Securities and Investments Commission (ASIC) • Australia
NIST SP 800-161 Rev. 1 — NIST Special Publication 800-161 Rev. 1 - Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations
This publication provides guidance on identifying, assessing, and mitigating cybersecurity risks throughout the supply chain. It integrates Cybersecurity Supply Chain Risk Management (C-SCRM) practices into organizational risk management processes.
National Institute of Standards and Technology (NIST) • United States • vRev. 1, Update 1
NIST CSF 2.0 — NIST Cybersecurity Framework 2.0
The NIST Cybersecurity Framework 2.0 is a comprehensive framework to help organizations manage and reduce cybersecurity risks. It provides guidelines, tools, and resources for improving cybersecurity practices across diverse sectors.
National Institute of Standards and Technology (NIST) • United States • v2.0
GDPR — General Data Protection Regulation
The General Data Protection Regulation (GDPR) is a comprehensive data protection law enacted by the European Union to harmonize privacy regulations across member states. It governs the processing of personal data by organizations operating within the EU and those outside the EU that target EU residents.
European Parliament and Council of the European Union • European Union
APPs — Australian Privacy Principles
The Australian Privacy Principles (APPs) are a set of 13 principles that form the privacy protection framework under the Privacy Act 1988. They govern how personal information is collected, used, disclosed, and managed by organizations and agencies subject to the Act.
Office of the Australian Information Commissioner (OAIC) • Australia
Privacy Act 1988 — Privacy Act 1988
The Privacy Act 1988 is an Australian law that regulates the handling of personal information by businesses, government agencies, and other entities. It includes provisions for the Australian Privacy Principles, credit reporting, and notification of data breaches.
Australian Government • Australia • vNo. 119, 1988
CPG 234 — CPG 234 Information Security
This standard provides information security guidance for Australian financial institutions regulated by APRA. It aims to ensure operational resilience and protect against information security threats.
Australian Prudential Regulation Authority (APRA) • Australia • vJune 2019
CPG 235 — Prudential Practice Guide CPG 235 - Managing Data Risk
The Prudential Practice Guide CPG 235 provides guidance for Australian financial institutions on how to effectively manage data risk. It focuses on identifying, assessing, and mitigating risks associated with data to ensure its integrity, availability, and confidentiality.
Australian Prudential Regulation Authority (APRA) • Australia
CPS 220 — Prudential Standard CPS 220 Risk Management
CPS 220 is a prudential standard issued by the Australian Prudential Regulation Authority (APRA) outlining risk management requirements for regulated entities. It establishes standards for institutions to identify, assess, and manage risks effectively to ensure financial stability and compliance.
Australian Prudential Regulation Authority (APRA) • Australia
Ready to operationalize these standards?
6clicks maps regulations to controls, evidence and risks automatically.