Cyber, critical infrastructure & AI standards — all in one place.
The latest standards, laws and regulations, with curated metadata, mapped controls and expert guidance from 6clicks. Built for GRC, compliance and security teams.
All content · 35 items
Ozone Protection and Synthetic Greenhouse Gas Management Act 1989
The Ozone Protection and Synthetic Greenhouse Gas Management Act 1989 is Australian legislation designed to manage the use, import, and export of ozone-depleting substances (ODS) and synthetic greenhouse gases (SGGs). It aligns with Australia's obligations under the Montreal Protocol, emphasizing environmental protection through licensing, quotas, and controls on substances and equipment.
- Issuer
- Australian Government
- Jurisdiction
- Australia
- Version
- 7, 1989
- Updated
- Jan 2020
CCM v4.0 — Cloud Controls Matrix v4.0
The Cloud Controls Matrix (CCM) v4 is a meta-framework of cloud-specific security controls designed to provide clarity and structure for information security in cloud computing environments. It includes mappings to leading standards, best practices, and regulations.
- Issuer
- Cloud Security Alliance (CSA)
- Version
- 4.0
Corporations Regulations 2001 — Corporations Regulations 2001
The Corporations Regulations 2001 is a set of legislative rules in Australia that provide detailed regulations supporting the Corporations Act 2001. It governs key aspects of corporate governance, financial reporting, and administration within Australian companies.
- Issuer
- Australian Government
- Jurisdiction
- Australia
- Version
- 01 January 2022
- Updated
- Jan 2022
CPS 231 — Prudential Standard CPS 231 Outsourcing
The Prudential Standard CPS 231 establishes requirements for outsourcing arrangements by financial institutions regulated by the Australian Prudential Regulation Authority (APRA). It aims to ensure that risks associated with outsourcing are effectively managed.
- Issuer
- Australian Prudential Regulation Authority (APRA)
- Jurisdiction
- Australia
- Updated
- Jul 2017
APPs — Australian Privacy Principles
The Australian Privacy Principles (APPs) are a set of 13 principles that form the privacy protection framework under the Privacy Act 1988. They govern how personal information is collected, used, disclosed, and managed by organizations and agencies subject to the Act.
- Issuer
- Office of the Australian Information Commissioner (OAIC)
- Jurisdiction
- Australia
Fair Work Regulations 2009
The Fair Work Regulations 2009 provide detailed legislative backing to the Fair Work Act 2009, outlining the operational rules and requirements for employment relationships, industrial agreements, and workplace standards in Australia. It includes rules on employer obligations, employee protections, and compliance mechanisms.
- Issuer
- Department of Employment and Workplace Relations (DEWR)
- Jurisdiction
- Australia
- Updated
- May 2018
ISO/IEC 42001 — ISO/IEC 42001:2023 - Artificial Intelligence Management System
ISO/IEC 42001:2023 is the first international standard for Artificial Intelligence Management Systems (AIMS). It provides requirements for establishing, implementing, maintaining, and improving AIMS, focusing on the responsible use, governance, and risk management of AI across organizations.
- Issuer
- ISO/IEC
- Version
- 2023
- Updated
- Dec 2023
UAE Personal Data Protection Law — Federal Decree Law No. 45 of 2021 Regarding the Protection of Personal Data
The UAE Personal Data Protection Law establishes an integrated framework to ensure the confidentiality of information and protect individual privacy in the UAE. It governs the processing of personal data, defines the rights of data owners, sets requirements for cross-border data transfer, and outlines obligations for businesses handling personal data.
- Issuer
- UAE Data Office
- Jurisdiction
- United Arab Emirates
- Version
- 20 Sep 2021
RG 104 — RG 104 AFS Licensing: Meeting the General Obligations
This regulatory guide provides information for Australian Financial Services (AFS) licensees and applicants about compliance with general obligations under section 912A(1) of the Corporations Act. It outlines what ASIC looks for during assessments of compliance.
- Issuer
- Australian Securities and Investments Commission (ASIC)
- Jurisdiction
- Australia
CPS 230 — Prudential Standard CPS 230 Operational Risk Management
CPS 230 sets out requirements for APRA-regulated entities to effectively manage operational risks. It covers obligations on governance, risk frameworks, and risk controls to ensure resilience against operational disruptions.
- Issuer
- Australian Prudential Regulation Authority (APRA)
- Jurisdiction
- Australia
- Updated
- Jul 2023
RG 274 — RG 274 Product Design and Distribution Obligations
This guide, issued by ASIC, outlines obligations for issuers and distributors of financial products under Part 7.8A of the Corporations Act. It provides ASIC's interpretation, expectations for compliance, and approach for administering these obligations.
- Issuer
- Australian Securities and Investments Commission (ASIC)
- Jurisdiction
- Australia
RG 259 — RG 259 Risk management systems of fund operators
This regulatory guide provides specific guidance for Australian financial services (AFS) licensees that are responsible entities or corporate directors (fund operators) on how to comply with their obligation under s912A(1)(h) of the Corporations Act 2001 to maintain adequate risk management systems.
- Issuer
- Australian Securities and Investments Commission (ASIC)
- Jurisdiction
- Australia
CMMC — Cybersecurity Maturity Model Certification
The Cybersecurity Maturity Model Certification (CMMC) Assessment Guide defines how organizations are evaluated for compliance with cybersecurity requirements when working with the U.S. Department of Defense. It outlines assessment methods, evidence expectations, and control validation aligned with standards like NIST SP 800-171. The guide ensures consistent and rigorous verification of an organization’s ability to protect sensitive information.
- Issuer
- US Government
- Jurisdiction
- United States
- Version
- 2.13
FSSCP — The Financial Services Sector Cybersecurity Profile
The Financial Services Sector Cybersecurity Profile is a scalable and extensible assessment tool designed to help financial institutions manage cyber risks and demonstrate regulatory compliance. It is based on the NIST Cybersecurity Framework and offers a tailored approach to streamline cybersecurity assessments globally.
- Issuer
- Financial Services Sector Coordinating Council (FSSCC)
- Jurisdiction
- Global
CPS 510 — Prudential Standard CPS 510 Governance
This is a prudential standard issued by the Australian Prudential Regulation Authority (APRA) to provide requirements for governance of regulated entities. It focuses on promoting sound corporate governance practices.
- Issuer
- Australian Prudential Regulation Authority (APRA)
- Jurisdiction
- Australia
SPS 310 — Prudential Standard SPS 310 Audit and Related Matters
Prudential Standard SPS 310 establishes requirements for conducting audits and related matters for the superannuation industry in Australia. It ensures compliance with financial reporting and auditing practices in accordance with regulatory standards.
- Issuer
- Australian Prudential Regulation Authority (APRA)
- Jurisdiction
- Australia
- Updated
- Jun 2024
SCF — Secure Controls Framework
The Secure Controls Framework (SCF) is a comprehensive, free cybersecurity and data privacy metaframework designed to simplify compliance and build secure, resilient organizations. It unifies control sets to simultaneously meet compliance requirements across multiple laws, regulations, and frameworks.
- Issuer
- Secure Controls Framework (SCF) Council
- Version
- 2023.2
RG 1 — RG 1 Applying for and varying an AFS licence
This regulatory guide provides details on the process for applying for and varying an Australian Financial Services (AFS) licence. It outlines ASIC’s approach to assessing applications and the required documentation for submission.
- Issuer
- Australian Securities and Investments Commission (ASIC)
- Jurisdiction
- Australia
RG 133 — RG 133 Funds Management and Custodial Services: Holding Assets
RG 133 outlines the Australian financial services (AFS) licence obligations for entities involved in managing and holding client assets. It sets minimum standards that apply to responsible entities of registered managed investment schemes, licensed custody providers, MDA providers, and IDPS operators.
- Issuer
- Australian Securities and Investments Commission (ASIC)
- Jurisdiction
- Australia
- Updated
- Dec 2024
SPS 521 — Prudential Standard SPS 521 - Conflicts of Interest
Prudential Standard SPS 521 is a legislative instrument under the Superannuation Industry (Supervision) Act 1993. It sets requirements for superannuation entities in Australia to appropriately manage conflicts of interest to ensure compliance and trust in their operations.
- Issuer
- Australian Prudential Regulation Authority (APRA)
- Jurisdiction
- Australia
Guidelines on ICT and Security Risk Management
The EBA Guidelines establish requirements for credit institutions, investment firms, and payment service providers on mitigating and managing information and communication technology (ICT) risks. They aim to ensure a consistent and robust approach to ICT and security risk management across the EU financial sector.
- Issuer
- European Banking Authority (EBA)
- Jurisdiction
- European Union
- Version
- 2025 update
- Updated
- Jul 2025
ISO 45001 — ISO 45001:2018 - Occupational Health and Safety Management Systems — Requirements with Guidance for Use
ISO 45001:2018 is an international standard that specifies requirements for an occupational health and safety (OH&S) management system. It helps organizations improve workplace safety, reduce risks, and enhance overall OH&S performance.
- Issuer
- International Organization for Standardization (ISO)
- Version
- 2018
- Updated
- May 2024
RG 271 — RG 271 Internal Dispute Resolution
This regulatory guide outlines enforceable standards and requirements for internal dispute resolution (IDR) systems for financial firms in Australia. It specifies the obligations these firms must meet to comply with ASIC's IDR standards.
- Issuer
- Australian Securities and Investments Commission (ASIC)
- Jurisdiction
- Australia
- Updated
- Sep 2021
RG 105 — RG 105 AFS Licensing: Organisational Competence
This guide outlines the requirements for Australian financial services (AFS) licensees and applicants to meet the 'organisational competence obligation' under the Corporations Act. It provides clarity on compliance expectations relating to the qualifications, experience, and capability of key individuals within the licensee's organization.
- Issuer
- Australian Securities and Investments Commission (ASIC)
- Jurisdiction
- Australia
NIST SP 800-171A Rev. 3 — NIST Special Publication 800-171A Rev. 3 - Assessing Security Requirements for Controlled Unclassified Information
This publication provides a methodology and assessment procedures for evaluating security requirements associated with the protection of Controlled Unclassified Information (CUI). It supports compliance with NIST SP 800-171 in nonfederal systems and organizations.
- Issuer
- National Institute of Standards and Technology (NIST)
- Jurisdiction
- United States
- Version
- Revision 3
- Updated
- Nov 2023
EU 2016/1675 — Commission Delegated Regulation (EU) 2016/1675 on High Risk Third Countries
This regulation identifies high-risk third countries with strategic deficiencies in the area of anti-money laundering (AML) and countering the financing of terrorism (CFT). It supplements Directive (EU) 2015/849, providing a legal framework for such identifications.
- Issuer
- European Commission
- Jurisdiction
- European Union
- Version
- 14 July 2016
- Updated
- Jun 2023
Renewable Energy (Electricity) Act 2000
The Renewable Energy (Electricity) Act 2000 establishes a legal framework to encourage the generation of electricity from renewable energy sources in Australia. It creates a system for renewable energy certificates and mandates a Renewable Power Percentage to ensure participation by electricity retailers.
- Issuer
- Australian Government
- Jurisdiction
- Australia
- Updated
- Mar 2016
GDPR — General Data Protection Regulation
The General Data Protection Regulation (GDPR) is a comprehensive data protection law enacted by the European Union to harmonize privacy regulations across member states. It governs the processing of personal data by organizations operating within the EU and those outside the EU that target EU residents.
- Issuer
- European Parliament and Council of the European Union
- Jurisdiction
- European Union
- Updated
- May 2018
National Greenhouse and Energy Reporting Act 2007
The National Greenhouse and Energy Reporting Act 2007 establishes a national framework for corporations to report their greenhouse gas emissions, energy production, and energy consumption. It aims to improve data transparency and inform government policy on climate change.
- Issuer
- Australian Government
- Jurisdiction
- Australia
- Updated
- Sep 2021
RG 270 — RG 270 Whistleblower Policies
This guide provides entities with information on establishing whistleblower policies that comply with legal obligations under the Corporations Act. It includes guidance for both entities required to have such policies and those managing whistleblowing under legal frameworks.
- Issuer
- Australian Securities and Investments Commission (ASIC)
- Jurisdiction
- Australia
India - (DPDP) Rules — India - Digital Personal Data Protection (DPDP) Rules
The Digital Personal Data Protection Rules, 2025 operationalize India’s Digital Personal Data Protection Act, 2023 by establishing detailed requirements for the collection, processing, storage, and protection of digital personal data. The Rules define obligations for organizations handling personal data, including consent management, breach notifications, data retention, and protections for children and vulnerable individuals. They also establish governance mechanisms such as the Data Protection Board and provide a phased implementation timeline for compliance.
- Issuer
- Government of India
- Version
- 2025
- Updated
- Jan 2025
ADHICS — Abu Dhabi Healthcare Information and Cyber Security Standard
The AAMEN programme ensures that all healthcare facilities in Abu Dhabi comply with information security and data privacy standards to safeguard patient data. It incorporates the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS) and aims to enhance cybersecurity governance, resilience, and innovation in the healthcare sector.
- Issuer
- Department of Health Abu Dhabi
- Jurisdiction
- Abu Dhabi, United Arab Emirates
- Version
- 2
- Updated
- May 2026
ITSP.10.171 — Protecting Specified Information in Non-Government of Canada Systems and Organizations
ITSP.10.171 sets out security requirements for protecting 'specified information' when it resides in non-Government of Canada systems or organizations. It aligns with NIST standards but adapts them to the Canadian regulatory environment.
- Issuer
- Canadian Centre for Cyber Security
- Jurisdiction
- Canada
- Version
- First release
- Updated
- Oct 2025
PCI DSS — PCI Data Security Standard (PCI DSS)
The PCI Data Security Standard (PCI DSS) is a global security standard designed to protect payment card account data. It establishes technical and operational security requirements for organizations that handle cardholder data.
- Issuer
- PCI Security Standards Council
- Version
- 4.x
India - DPDP Act — India - Digital Personal Data Protection (DPDP) Act (Act No. 22 of 2023)
The Digital Personal Data Protection Act, 2023 (Act No. 22 of 2023) establishes India’s legal framework for processing digital personal data while balancing individuals’ privacy rights with lawful data use. The Act defines obligations for organizations handling personal data, grants rights and duties to individuals, and introduces requirements for consent, data protection, and breach accountability. It also establishes the Data Protection Board of India to oversee compliance, adjudication, and enforcement of penalties for violations.
- Issuer
- Government of India
- Jurisdiction
- India
- Version
- 2023
- Updated
- Aug 2023
Looking for sector-specific guidance?
Each industry page bundles the standards that matter most for that sector, with expert commentary and links to the 6clicks platform.
Critical Infrastructure
Critical infrastructure spans the energy, water, transport, healthcare, and communications sectors whose disruption would impact national security, safety, and the economy.
Defense
6clicks deploys inside classified and air-gapped environments, meets strict data handling requirements, and keeps your program audit-ready.
Finance Sector
Pertains to banking, insurance, and financial services, focusing on regulatory compliance, risk management, and financial integrity.
Government
Ready to operationalize these standards?
The 6clicks platform maps these regulations to controls, evidence and risks — automatically.