Cyber, critical infrastructure & AI standards — all in one place.

The latest standards, laws and regulations, with curated metadata, mapped controls and expert guidance from 6clicks. Built for GRC, compliance and security teams.

Content Library


Critical Infrastructure • Guideline

NIST SP 800-82 Rev. 3 — NIST Special Publication 800-82 Rev. 3 - Guide to Operational Technology (OT) Security

This document provides guidance on securing operational technology (OT) systems, which include programmable devices interacting with the physical environment. It addresses unique performance, reliability, and safety requirements, identifies threats, and recommends security measures.

National Institute of Standards and Technology (NIST) • United States • vRevision 3

Cybersecurity • Guideline

NIST SP 800-171A Rev. 3 — NIST Special Publication 800-171A Rev. 3 - Assessing Security Requirements for Controlled Unclassified Information

This publication provides a methodology and assessment procedures for evaluating security requirements associated with the protection of Controlled Unclassified Information (CUI). It supports compliance with NIST SP 800-171 in nonfederal systems and organizations.

National Institute of Standards and Technology (NIST) • United States • vRevision 3

GRC • Guideline

RG 133 — RG 133 Funds Management and Custodial Services: Holding Assets

RG 133 outlines the Australian financial services (AFS) licence obligations for entities involved in managing and holding client assets. It sets minimum standards that apply to responsible entities of registered managed investment schemes, licensed custody providers, MDA providers, and IDPS operators.

Australian Securities and Investments Commission (ASIC) • Australia

Cybersecurity • Guideline

NIST SP 800-161 Rev. 1 — NIST Special Publication 800-161 Rev. 1 - Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations

This publication provides guidance on identifying, assessing, and mitigating cybersecurity risks throughout the supply chain. It integrates Cybersecurity Supply Chain Risk Management (C-SCRM) practices into organizational risk management processes.

National Institute of Standards and Technology (NIST) • United States • vRev. 1, Update 1

Cybersecurity • Framework

NIST CSF 2.0 — NIST Cybersecurity Framework 2.0

The NIST Cybersecurity Framework 2.0 is a comprehensive framework to help organizations manage and reduce cybersecurity risks. It provides guidelines, tools, and resources for improving cybersecurity practices across diverse sectors.

National Institute of Standards and Technology (NIST) • United States • v2.0

Privacy • Regulation

GDPR — General Data Protection Regulation

The General Data Protection Regulation (GDPR) is a comprehensive data protection law enacted by the European Union to harmonize privacy regulations across member states. It governs the processing of personal data by organizations operating within the EU and those outside the EU that target EU residents.

European Parliament and Council of the European Union • European Union

Privacy • Law

APPs — Australian Privacy Principles

The Australian Privacy Principles (APPs) are a set of 13 principles that form the privacy protection framework under the Privacy Act 1988. They govern how personal information is collected, used, disclosed, and managed by organizations and agencies subject to the Act.

Office of the Australian Information Commissioner (OAIC) • Australia

Privacy • Law

Privacy Act 1988 — Privacy Act 1988

The Privacy Act 1988 is an Australian law that regulates the handling of personal information by businesses, government agencies, and other entities. It includes provisions for the Australian Privacy Principles, credit reporting, and notification of data breaches.

Australian Government • Australia • vNo. 119, 1988

Cybersecurity • Guideline

CPG 234 — CPG 234 Information Security

This standard provides information security guidance for Australian financial institutions regulated by APRA. It aims to ensure operational resilience and protect against information security threats.

Australian Prudential Regulation Authority (APRA) • Australia • vJune 2019

GRC • Guideline

CPG 235 — Prudential Practice Guide CPG 235 - Managing Data Risk

The Prudential Practice Guide CPG 235 provides guidance for Australian financial institutions on how to effectively manage data risk. It focuses on identifying, assessing, and mitigating risks associated with data to ensure its integrity, availability, and confidentiality.

Australian Prudential Regulation Authority (APRA) • Australia

GRC • Standard

CPS 220 — Prudential Standard CPS 220 Risk Management

CPS 220 is a prudential standard issued by the Australian Prudential Regulation Authority (APRA) outlining risk management requirements for regulated entities. It establishes standards for institutions to identify, assess, and manage risks effectively to ensure financial stability and compliance.

Australian Prudential Regulation Authority (APRA) • Australia

GRC • Standard

CPS 226 — Prudential Standard CPS 226: Margining and Risk Mitigation for Non-centrally Cleared Derivatives

This is an Australian standard issued by APRA outlining the requirements for margining and risk mitigation of non-centrally cleared derivatives. It ensures financial institutions operate with adequate practices to manage counterparty risk.

Australian Prudential Regulation Authority (APRA) • Australia

GRC • Standard

CPS 232 — Prudential Standard CPS 232 Business Continuity Management

CPS 232 is an Australian Prudential Standard that outlines the requirements for regulated entities to maintain and manage effective business continuity plans. It ensures that entities are prepared to address and recover from disruptions to their operations.

Australian Prudential Regulation Authority (APRA) • Australia

GRC • Standard

CPS 230 — Prudential Standard CPS 230 Operational Risk Management

CPS 230 sets out requirements for APRA-regulated entities to effectively manage operational risks. It covers obligations on governance, risk frameworks, and risk controls to ensure resilience against operational disruptions.

Australian Prudential Regulation Authority (APRA) • Australia

GRC • Guideline

RG 166 — RG 166 AFS Licensing: Financial Requirements

RG 166 provides financial requirements for holders of an Australian Financial Services (AFS) licence, which vary based on the financial products and services offered. It excludes entities regulated by the Australian Prudential Regulation Authority (APRA) that are not required to comply with specific provisions of the Corporations Act 2001.

Australian Securities and Investments Commission (ASIC) • Australia

GRC • Guideline

RG 104 — RG 104 AFS Licensing: Meeting the General Obligations

This regulatory guide provides information for Australian Financial Services (AFS) licensees and applicants about compliance with general obligations under section 912A(1) of the Corporations Act. It outlines what ASIC looks for during assessments of compliance.

Australian Securities and Investments Commission (ASIC) • Australia

GRC • Guideline

RG 105 — RG 105 AFS Licensing: Organisational Competence

This guide outlines the requirements for Australian financial services (AFS) licensees and applicants to meet the 'organisational competence obligation' under the Corporations Act. It provides clarity on compliance expectations relating to the qualifications, experience, and capability of key individuals within the licensee's organization.

Australian Securities and Investments Commission (ASIC) • Australia

GRC • Standard

CPS 510 — Prudential Standard CPS 510 Governance

This is a prudential standard issued by the Australian Prudential Regulation Authority (APRA) to provide requirements for governance of regulated entities. It focuses on promoting sound corporate governance practices.

Australian Prudential Regulation Authority (APRA) • Australia

GRC • Guideline

RG 270 — RG 270 Whistleblower Policies

This guide provides entities with information on establishing whistleblower policies that comply with legal obligations under the Corporations Act. It includes guidance for both entities required to have such policies and those managing whistleblowing under legal frameworks.

Australian Securities and Investments Commission (ASIC) • Australia

GRC • Guideline

RG 259 — RG 259 Risk management systems of fund operators

This regulatory guide provides specific guidance for Australian financial services (AFS) licensees that are responsible entities or corporate directors (fund operators) on how to comply with their obligation under s912A(1)(h) of the Corporations Act 2001 to maintain adequate risk management systems.

Australian Securities and Investments Commission (ASIC) • Australia

