Cyber, critical infrastructure & AI standards — all in one place.
The latest standards, laws and regulations, with curated metadata, mapped controls and expert guidance from 6clicks. Built for GRC, compliance and security teams.
Browse by industry
Browse by sector. Each page shows relevant standards, laws, regulations, and frameworks.
Explore all industriesContent Library
Showing 20 of 22
PSPF 2026 — Protective Security Policy Framework Release 2026
Protective Security Policy Framework (PSPF) Release 2026 is the Australian Government's updated protective security framework that sets mandatory requirements across six security domains to help government entities protect their people, information, assets, and resources through effective risk management and security practices.
Australian Government • Australia • v2026
SACSF V2.0 — South Australian Cyber Security Framework V2.0
The South Australian Cyber Security Framework (SACSF) is a cybersecurity governance framework developed by Security SA to help South Australian Government agencies manage cyber risks and protect information, systems, and digital services. It consists of 18 policy statements across four core principles—Governance, Information Security, Personnel Security, and Physical Security—and uses a four-tier risk-based approach to implement security controls proportionate to agency risk exposure.
Australian Government • South Australia • v2.0
ASD Essential 8 Maturity Model - 2023 — Australian Signals Directorate (ASD) Essential Eight Maturity Model 2023
The ASD Essential 8 Maturity Model is a framework developed by the Australian Signals Directorate (ASD) to guide organizations in implementing prioritized cyber security mitigation strategies. It provides structured maturity levels to help organizations progressively strengthen their defenses against common cyber threats. The model ensures consistency, accountability, and resilience by aligning practices across all eight strategies.
Australian Signals Directorate (ASD) • Australia • vNovember 2023
ISO/IEC 27018:2025 — ISO/IEC 27018:2025 Information security, cybersecurity and privacy protection — Guidelines for protection of personally identifiable information (PII) in public clouds acting as PII processors
ISO/IEC 27018:2025 is the global standard for managing personally identifiable information (PII) in public cloud services. It provides cloud providers with a framework to ensure privacy, security, and compliance when processing customer data.
International Organization for Standardization (ISO) • v2025
ISM CCM — Information Security Manual Cloud Controls Matrix Template
The Cloud Controls Matrix (CCM) Template is a comprehensive framework for mapping cloud security controls to industry standards and compliance requirements. It helps organizations assess, implement, and demonstrate effective cloud security practices across diverse environments.
Australian Government • Australia • vJune 2026
ISM SSP — Information Security Manual System Security Plan Annex Template
The System Security Plan (SSP) Annex Template is a structured document used to capture detailed information about an organization’s cyber security controls and implementation. It supports accreditation processes by providing evidence of compliance, risk management, and system-specific security measures.
Australian Government • Australia • vJune 2026
RFFR ISM SoA — Right Fit for Risk Information Security Manual Statement of Applicability
The Right Fit for Risk (RFFR) Statement of Applicability (SoA) is a structured template used to document how organizations meet cyber security accreditation requirements. It outlines applicable controls, their implementation status, and provides assurance of compliance with the RFFR framework.
Australian Government • Australia • vJune 2026
ISM — Information Security Manual
The Australian ISM is the nationally recognized cybersecurity framework developed by the Australian Signals Directorate. It provides organizations with structured guidance to safeguard information and operational technology systems against evolving cyber threats.
Australian Government • Australia • vJune 2026
Safe & Trusted Internet — Guidelines on Information Security Practices for Government Entities
The Safe & Trusted Internet Guidelines on Information Security Practices for Government Entities, issued by the Indian Computer Emergency Response Team (CERT-In), establish baseline cyber security controls and best practices to help government entities protect ICT infrastructure, systems, networks, and data against evolving cyber threats and strengthen India’s digital security posture.
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India • India
PDSP — Protective Data Security Plan (PDSP) Single organisation PDSP form Version 3.7
Victorian public sector bodies are required to report on their information security practices to the Office of the Victorian Information Commissioner (OVIC). This includes submitting Protective Data Security Plans (PDSPs), annual attestations, and notifying OVIC of security incidents as outlined under the Victorian Protective Data Security Framework and Standards (VPDSF, VPDSS).
Office of the Victorian Information Commissioner (OVIC) • Victoria, Australia • v3.7
ECC 2-2024 — Essential Cybersecurity Controls
The Essential Cybersecurity Controls (ECC 2-2024) aim to enhance cybersecurity at the national level in Saudi Arabia. They provide policies and controls to protect the information and technological assets of national entities.
National Cybersecurity Authority • Kingdom of Saudi Arabia • v2-2024
CCM v4.0 — Cloud Controls Matrix v4.0
The Cloud Controls Matrix (CCM) v4 is a meta-framework of cloud-specific security controls designed to provide clarity and structure for information security in cloud computing environments. It includes mappings to leading standards, best practices, and regulations.
Cloud Security Alliance (CSA) • v4.0
IS18 — Information and Cyber Security Policy (IS18)
The Information and Cyber Security Policy (IS18) is a policy framework established by the Queensland Government to enhance information security and organizational resilience. It mandates the implementation of ISO 27001-based ISMS, systematic risk management, and compliance with the Australian Signals Directorate's Essential Eight Strategies for all Queensland Government agencies.
Queensland Government • Queensland, Australia • v9.0.0
EU Regulation 2022/1645 — Commission Delegated Regulation (EU) 2022/1645
EU Regulation 2022/1645 establishes mandatory cybersecurity management requirements for Part 21 Design Organisations (DOs) and Production Organisations (POs) in the aviation sector. It introduces the implementation of an Information Security Management System (ISMS) to protect critical systems, data, and processes from cyber threats.
European Commission • European Union
CMMC — Cybersecurity Maturity Model Certification
The Cybersecurity Maturity Model Certification (CMMC) Assessment Guide defines how organizations are evaluated for compliance with cybersecurity requirements when working with the U.S. Department of Defense. It outlines assessment methods, evidence expectations, and control validation aligned with standards like NIST SP 800-171. The guide ensures consistent and rigorous verification of an organization’s ability to protect sensitive information.
US Government • United States • v2.13
Privacy and Data Protection Act 2014 — Privacy and Data Protection Act 2014 Version No. 032
The Privacy and Data Protection Act 2014 establishes a framework for protecting personal information and ensuring data security within the State of Victoria, Australia. It sets out responsibilities for Victorian public sector agencies regarding personal data handling and protections.
Victorian Government • Victoria, Australia • version No. 032
Commission Implementing Regulation (EU) 2023/203
This regulation outlines requirements for the management of information security risks that could impact aviation safety. It applies to organisations and competent authorities operating in the aviation sector to ensure secure operations.
European Union Aviation Safety Agency (EASA) • European Union • v2023/203
ADHICS — Abu Dhabi Healthcare Information and Cyber Security Standard
The AAMEN programme ensures that all healthcare facilities in Abu Dhabi comply with information security and data privacy standards to safeguard patient data. It incorporates the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS) and aims to enhance cybersecurity governance, resilience, and innovation in the healthcare sector.
Department of Health Abu Dhabi • Abu Dhabi, United Arab Emirates • v2
NIST SP 800-39 — NIST Special Publication 800-39 - Managing Information Security Risk: Organization, Mission, and Information System View
NIST SP 800-39 provides guidance for developing an organization-wide program to manage information security risk. It introduces a structured yet flexible framework for assessing, responding to, and monitoring risks associated with federal information systems.
National Institute of Standards and Technology (NIST) • United States
CPG 234 — CPG 234 Information Security
This standard provides information security guidance for Australian financial institutions regulated by APRA. It aims to ensure operational resilience and protect against information security threats.
Australian Prudential Regulation Authority (APRA) • Australia • vJune 2019
Partner directory
Certified resellers, integrators and advisors to help you implement and manage your GRC program.

1886 Consulting
- Region
- Australia
Tap into our knowledge of wealth.
Governance • Risk Management • Compliance Management • GRC Advisory

19eighty Advisory
- Region
- Australia
Business ownership is the most powerful calling.

3 Lights
- Region
- Brisbane, Australia
GRC and security specialists committed to the creation and protection of organisational value.
Risk Management • ISO 27001 • NIST CSF • Essential Eight

3Quotes
- Region
- Toronto, Canada
Your IT Procurement Partner

A1 Hrvatska d.o.o.
- Region
- Zagreb, Croatia
Croatia's leading telecommunications provider offering mobile, internet, TV, and managed security services.
Managed Security Services • Security Operations • Cloud Security

Accenture
- Region
- Dublin, Ireland
De-risk tomorrow by infusing cybersecurity into strategy, resilience, and protection at global scale.
GRC Advisory • Risk Management • Compliance Management • Security Operations

AfterDark Technology
- Region
- Bowen Hills, Australia
ISO 27001-certified managed IT services provider keeping Australian businesses secure, reliable, and running.
IT Managed Services • Managed Security Services • Essential Eight • ISO 27001

Allied Global Advisors
- Region
- United Arab Emirates
Global business advisory empowering SMEs across finance, risk, and digital transformation.
Risk Management • Governance • GRC Advisory • Digital Transformation
Ready to manage these frameworks?
6clicks maps regulations to controls, evidence and risks — automatically.