Cyber, critical infrastructure & AI standards — all in one place.
The latest standards, laws and regulations, with curated metadata, mapped controls and expert guidance from 6clicks. Built for GRC, compliance and security teams.
Browse by industry
Browse by sector. Each page shows relevant standards, laws, regulations, and frameworks.
Explore all industriesContent Library
Showing 20 of 36
PSPF 2026 — Protective Security Policy Framework Release 2026
Protective Security Policy Framework (PSPF) Release 2026 is the Australian Government's updated protective security framework that sets mandatory requirements across six security domains to help government entities protect their people, information, assets, and resources through effective risk management and security practices.
Australian Government • Australia • v2026
NIST AI RMF — NIST AI Risk Management Framework
The AI Risk Management Framework (AI RMF) is a voluntary framework developed by NIST to help organizations design, develop, use, and evaluate AI systems with trustworthiness considerations. It addresses governance, mapping, measuring, and managing AI risks.
National Institute of Standards and Technology (NIST) • United States • v1.0
CCM v4.1 — Cloud Controls Matrix v4.1
The Cloud Controls Matrix (CCM) v4.1 is a cybersecurity control framework that consists of 207 controls across 17 security domains, specifically tailored for cloud security and privacy. The Consensus Assessment Initiative Questionnaire (CAIQ) accompanies the CCM, offering a set of assessment questions to evaluate security controls.
Cloud Security Alliance (CSA) • v4.1
ASD Essential 8 Maturity Model - 2023 — Australian Signals Directorate (ASD) Essential Eight Maturity Model 2023
The ASD Essential 8 Maturity Model is a framework developed by the Australian Signals Directorate (ASD) to guide organizations in implementing prioritized cyber security mitigation strategies. It provides structured maturity levels to help organizations progressively strengthen their defenses against common cyber threats. The model ensures consistency, accountability, and resilience by aligning practices across all eight strategies.
Australian Signals Directorate (ASD) • Australia • vNovember 2023
Cyber Essentials Danzell Question Set — Cyber Essentials Question Set v3.3 (Danzell) April 2026
Cyber Essentials: Requirements for IT Infrastructure v3.3 Question Set is a structured self-assessment designed to help organizations evaluate their cyber security practices. It focuses on five key technical control areas—firewalls, secure configuration, user access control, malware protection, and patch management. By completing the question set, organizations can demonstrate compliance with baseline security standards and strengthen resilience against common cyber threats.
National Cyber Security Centre (NCSC) • v3.3
ISO/IEC 27018:2025 — ISO/IEC 27018:2025 Information security, cybersecurity and privacy protection — Guidelines for protection of personally identifiable information (PII) in public clouds acting as PII processors
ISO/IEC 27018:2025 is the global standard for managing personally identifiable information (PII) in public cloud services. It provides cloud providers with a framework to ensure privacy, security, and compliance when processing customer data.
International Organization for Standardization (ISO) • v2025
ISM CCM — Information Security Manual Cloud Controls Matrix Template
The Cloud Controls Matrix (CCM) Template is a comprehensive framework for mapping cloud security controls to industry standards and compliance requirements. It helps organizations assess, implement, and demonstrate effective cloud security practices across diverse environments.
Australian Government • Australia • vJune 2026
ISM SSP — Information Security Manual System Security Plan Annex Template
The System Security Plan (SSP) Annex Template is a structured document used to capture detailed information about an organization’s cyber security controls and implementation. It supports accreditation processes by providing evidence of compliance, risk management, and system-specific security measures.
Australian Government • Australia • vJune 2026
RFFR ISM SoA — Right Fit for Risk Information Security Manual Statement of Applicability
The Right Fit for Risk (RFFR) Statement of Applicability (SoA) is a structured template used to document how organizations meet cyber security accreditation requirements. It outlines applicable controls, their implementation status, and provides assurance of compliance with the RFFR framework.
Australian Government • Australia • vJune 2026
ISM — Information Security Manual
The Australian ISM is the nationally recognized cybersecurity framework developed by the Australian Signals Directorate. It provides organizations with structured guidance to safeguard information and operational technology systems against evolving cyber threats.
Australian Government • Australia • vJune 2026
NIST SP 800-53 Rev. 5.2 — Security and Privacy Controls for Information Systems and Organizations
NIST Special Publication 800-53 Rev. 5 provides a comprehensive catalog of security and privacy controls designed to safeguard organizational operations, assets, and individuals from a broad spectrum of risks including cyberattacks, human mistakes, and natural disasters. It is widely used for implementing security measures as part of risk management frameworks.
NIST (National Institute of Standards and Technology) • United States • v5.2.0
India - (DPDP) Rules — India - Digital Personal Data Protection (DPDP) Rules
The Digital Personal Data Protection Rules, 2025 operationalize India’s Digital Personal Data Protection Act, 2023 by establishing detailed requirements for the collection, processing, storage, and protection of digital personal data. The Rules define obligations for organizations handling personal data, including consent management, breach notifications, data retention, and protections for children and vulnerable individuals. They also establish governance mechanisms such as the Data Protection Board and provide a phased implementation timeline for compliance.
Government of India • India • v2025
India - PDPD Act — India - Digital Personal Data Protection (PDPD) Act (Act No. 22 of 2023)
The Digital Personal Data Protection Act, 2023 (Act No. 22 of 2023) establishes India’s legal framework for processing digital personal data while balancing individuals’ privacy rights with lawful data use. The Act defines obligations for organizations handling personal data, grants rights and duties to individuals, and introduces requirements for consent, data protection, and breach accountability. It also establishes the Data Protection Board of India to oversee compliance, adjudication, and enforcement of penalties for violations.
Government of India • India • v2023
Safe & Trusted Internet — Guidelines on Information Security Practices for Government Entities
The Safe & Trusted Internet Guidelines on Information Security Practices for Government Entities, issued by the Indian Computer Emergency Response Team (CERT-In), establish baseline cyber security controls and best practices to help government entities protect ICT infrastructure, systems, networks, and data against evolving cyber threats and strengthen India’s digital security posture.
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India • India
SOCIA 2018 — Security of Critical Infrastructure Act 2018
The Security of Critical Infrastructure Act 2018 (SOCIA) establishes a regulatory framework for managing national security risks to Australia’s critical infrastructure sectors. It introduces statutory obligations, reporting requirements, and oversight mechanisms for critical assets.
Australian Department of Home Affairs • Australia • vNo. 29, 2018
C2M2 — Cybersecurity Capability Maturity Model
The Cybersecurity Capability Maturity Model (C2M2) is a tool developed by the U.S. Department of Energy to help organizations evaluate and enhance their cybersecurity capabilities. It focuses on both IT and OT environments, offering a structured framework of over 350 practices organized into 10 domains.
U.S. Department of Energy • United States • v2.1
ISO/IEC 42001 — ISO/IEC 42001:2023 - Artificial Intelligence Management System
ISO/IEC 42001:2023 is the first international standard for Artificial Intelligence Management Systems (AIMS). It provides requirements for establishing, implementing, maintaining, and improving AIMS, focusing on the responsible use, governance, and risk management of AI across organizations.
ISO/IEC • v2023
CCM v4.0 — Cloud Controls Matrix v4.0
The Cloud Controls Matrix (CCM) v4 is a meta-framework of cloud-specific security controls designed to provide clarity and structure for information security in cloud computing environments. It includes mappings to leading standards, best practices, and regulations.
Cloud Security Alliance (CSA) • v4.0
IS18 — Information and Cyber Security Policy (IS18)
The Information and Cyber Security Policy (IS18) is a policy framework established by the Queensland Government to enhance information security and organizational resilience. It mandates the implementation of ISO 27001-based ISMS, systematic risk management, and compliance with the Australian Signals Directorate's Essential Eight Strategies for all Queensland Government agencies.
Queensland Government • Queensland, Australia • v9.0.0
ISO 45001 — ISO 45001:2018 - Occupational Health and Safety Management Systems — Requirements with Guidance for Use
ISO 45001:2018 is an international standard that specifies requirements for an occupational health and safety (OH&S) management system. It helps organizations improve workplace safety, reduce risks, and enhance overall OH&S performance.
International Organization for Standardization (ISO) • v2018
Partner directory
Certified resellers, integrators and advisors to help you implement and manage your GRC program.

1886 Consulting
- Region
- Australia
Tap into our knowledge of wealth.
Governance • Risk Management • Compliance Management • GRC Advisory

19eighty Advisory
- Region
- Australia
Business ownership is the most powerful calling.

3 Lights
- Region
- Brisbane, Australia
GRC and security specialists committed to the creation and protection of organisational value.
Risk Management • ISO 27001 • NIST CSF • Essential Eight

3Quotes
- Region
- Toronto, Canada
Your IT Procurement Partner

A1 Hrvatska d.o.o.
- Region
- Zagreb, Croatia
Croatia's leading telecommunications provider offering mobile, internet, TV, and managed security services.
Managed Security Services • Security Operations • Cloud Security

Accenture
- Region
- Dublin, Ireland
De-risk tomorrow by infusing cybersecurity into strategy, resilience, and protection at global scale.
GRC Advisory • Risk Management • Compliance Management • Security Operations

AfterDark Technology
- Region
- Bowen Hills, Australia
ISO 27001-certified managed IT services provider keeping Australian businesses secure, reliable, and running.
IT Managed Services • Managed Security Services • Essential Eight • ISO 27001

Allied Global Advisors
- Region
- United Arab Emirates
Global business advisory empowering SMEs across finance, risk, and digital transformation.
Risk Management • Governance • GRC Advisory • Digital Transformation
Ready to manage these frameworks?
6clicks maps regulations to controls, evidence and risks — automatically.