Cyber, critical infrastructure &amp; AI standards — all in one place.

View detailscybersecurity · IT infrastructure

Cyber Essentials v3.2 — Cyber Essentials Requirements for IT Infrastructure

Cyber Essentials is a UK government-backed scheme focused on protecting IT infrastructure from common cyber threats. Version 3.2 outlines updated security controls and practices.

Issuer: UK National Cyber Security Centre (NCSC)
Jurisdiction: United Kingdom
Version: 3.2

View detailscybersecurity · maturity model

C2M2 — Cybersecurity Capability Maturity Model

The Cybersecurity Capability Maturity Model (C2M2) is a tool developed by the U.S. Department of Energy to help organizations evaluate and enhance their cybersecurity capabilities. It focuses on both IT and OT environments, offering a structured framework of over 350 practices organized into 10 domains.

Issuer: U.S. Department of Energy
Jurisdiction: United States
Version: 2.1
Updated: Jun 2022

View detailscybersecurity · certification

Cyber Essentials Mark — CSA Cybersecurity Certification: Cyber Essentials Mark

The Cyber Essentials (2025) certification is a cybersecurity certification scheme developed by the Cyber Security Agency (CSA) of Singapore. It provides a framework for organisations to enhance their cybersecurity posture, covering areas like classical cybersecurity, cloud security, OT security, and AI security.

Issuer: Cyber Security Agency of Singapore (CSA)
Jurisdiction: Singapore
Version: 04-2025 (Second edition)
Updated: Apr 2026

View detailscybersecurity · supply chain

NIST SP 800-161 Rev. 1 — NIST Special Publication 800-161 Rev. 1 - Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations

This publication provides guidance on identifying, assessing, and mitigating cybersecurity risks throughout the supply chain. It integrates Cybersecurity Supply Chain Risk Management (C-SCRM) practices into organizational risk management processes.

Issuer: National Institute of Standards and Technology (NIST)
Jurisdiction: United States
Version: Rev. 1, Update 1

PrivacyLawIn 6clicks App

Qatar PDPPL — Qatar Personal Data Privacy Protection Law (Law No. (13) of 2016)

The Qatar Personal Data Privacy Protection Law (PDPPL), formally Law No. 13 of 2016, is the primary data protection framework in Qatar. It governs how organizations collect, process, store, transfer, and secure personal data belonging to individuals in the country.

Issuer: Qatar National Cyber Security Agency (NCSA)
Jurisdiction: Qatar

View detailsdata protection · consent management

Critical InfrastructureGuidelineIn 6clicks App

NIST SP 800-82 Rev. 3 — NIST Special Publication 800-02 Rev. 3 - Guide to Operational Technology (OT) Security

This document provides guidance on securing operational technology (OT) systems, which include programmable devices interacting with the physical environment. It addresses unique performance, reliability, and safety requirements, identifies threats, and recommends security measures.

Issuer: National Institute of Standards and Technology (NIST)
Jurisdiction: United States
Version: Revision 3

View detailsoperational-technology · industrial-control-systems

CybersecurityControl setIn 6clicks App

CIS Controls v8.1 — CIS Critical Security Controls Version 8.1

The CIS Critical Security Controls Version 8.1 is a prioritized set of cybersecurity best practices designed to defend against common cyber threats to systems and networks. It includes updates to align with evolving industry standards and frameworks, such as NIST CSF 2.0.

Issuer: Center for Internet Security (CIS)
Version: 8.1

View detailscybersecurity · controls

View detailsinformation security · cybersecurity

CMMC — Cybersecurity Maturity Model Certification

The Cybersecurity Maturity Model Certification (CMMC) Assessment Guide defines how organizations are evaluated for compliance with cybersecurity requirements when working with the U.S. Department of Defense. It outlines assessment methods, evidence expectations, and control validation aligned with standards like NIST SP 800-171. The guide ensures consistent and rigorous verification of an organization’s ability to protect sensitive information.

Issuer: US Government
Jurisdiction: United States
Version: 2.13

View detailscybersecurity · assessment

FSSCP — The Financial Services Sector Cybersecurity Profile

The Financial Services Sector Cybersecurity Profile is a scalable and extensible assessment tool designed to help financial institutions manage cyber risks and demonstrate regulatory compliance. It is based on the NIST Cybersecurity Framework and offers a tailored approach to streamline cybersecurity assessments globally.

Issuer: Financial Services Sector Coordinating Council (FSSCC)
Jurisdiction: Global

CybersecurityStandardControl setIn 6clicks App

ISO/IEC 27001:2013 — ISO/IEC 27001:2013 - Information technology — Security techniques — Information security management systems — Requirements

ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). It also includes guidelines for assessing and addressing information security risks in organizations.

Issuer: ISO/IEC
Jurisdiction: Global
Version: 2013

View detailsinformation security · ISMS

CybersecurityControl setIn 6clicks App

DCC-1:2022 — Data Cybersecurity Controls

The Data Cybersecurity Controls (DCC-1:2022) establish minimum cybersecurity requirements to protect data throughout its lifecycle. Issued by the Saudi National Cybersecurity Authority, the controls build on existing cybersecurity frameworks to enhance the Kingdom's overall cybersecurity maturity.

Issuer: National Cybersecurity Authority (NCA)
Jurisdiction: Kingdom of Saudi Arabia
Version: 1:2022
Updated: May 2025

View detailscybersecurity · controls

View detailscybersecurity · compliance

SCF — Secure Controls Framework

The Secure Controls Framework (SCF) is a comprehensive, free cybersecurity and data privacy metaframework designed to simplify compliance and build secure, resilient organizations. It unifies control sets to simultaneously meet compliance requirements across multiple laws, regulations, and frameworks.

Issuer: Secure Controls Framework (SCF) Council
Version: 2023.2

CybersecurityRegulationIn 6clicks App

NSW Cyber Security Policy

The NSW Cyber Security Policy outlines mandatory requirements that all NSW Government agencies must follow to ensure the effective management of cyber security risks to government information and systems. It mandates annual reporting by agencies and includes policy directives related to incident management, risk assessment, and compliance.

Issuer: Cyber Security NSW
Jurisdiction: New South Wales, Australia

View detailscybersecurity · nsw

View detailscybersecurity · information assurance

UAE IA V2 — UAE Information Assurance Standard Version 2

The UAE Information Assurance Standard Version 2 (UAE IA V2) is a national cybersecurity framework issued by the UAE Cyber Security Council in 2025. It builds upon the previous version with updated controls and integrations to address modern technologies, such as AI/ML, IoT, cloud, and post-quantum cryptography.

Issuer: UAE Cyber Security Council
Jurisdiction: United Arab Emirates
Version: 2.0
Updated: Oct 2025

View detailszero trust · cybersecurity

CISA ZTMM V2 — CISA Zero Trust Maturity Model V2

The CISA Zero Trust Maturity Model V2 provides a structured roadmap for organizations implementing a zero trust architecture. It outlines five key pillars and associated maturity levels to guide strategies and execution.

Issuer: US Department of Homeland Security (DHS)
Jurisdiction: United States
Version: 2
Updated: Apr 2023

View detailscybersecurity · guidelines

BSI IT-Grundschutz-Compendium Edition 2022

The BSI IT-Grundschutz-Compendium Edition 2022 is a comprehensive cybersecurity guideline published by the German Federal Office for Information Security (BSI). It provides a structured methodology for implementing information security in organizations based on standardized modules and best practices.

Issuer: Federal Office for Information Security (BSI)
Jurisdiction: Germany
Version: 2022
Updated: Jan 2023

View detailscybersecurity · capabilities

QCF — Qatar Cybersecurity Framework

The Qatar Cybersecurity Framework (QCF) provides structured guidelines to help organizations manage and strengthen their cybersecurity practices across governance, risk, protection, detection, response, and recovery. It promotes a proactive, coordinated approach to mitigating cyber threats while enhancing national and organizational resilience.

Issuer: Qatar National Cyber Security Committee (NCSC)
Jurisdiction: Qatar

Critical InfrastructureLawIn 6clicks App

SOCIA 2018 — Security of Critical Infrastructure Act 2018

The Security of Critical Infrastructure Act 2018 (SOCIA) establishes a regulatory framework for managing national security risks to Australia’s critical infrastructure sectors. It introduces statutory obligations, reporting requirements, and oversight mechanisms for critical assets.

Issuer: Australian Department of Home Affairs
Jurisdiction: Australia
Version: No. 29, 2018

View detailscritical infrastructure · cybersecurity

View detailscybersecurity · energy

AESCSF v2 Core — Australian Energy Sector Cyber Security Framework

The Australian Energy Sector Cyber Security Framework (AESCSF) provides a structured approach for managing cybersecurity risks specific to the energy sector. Version 2 introduces updates and refinements to address evolving threats and ensure resilience.

Issuer: Australian Energy Market Operator (AEMO)
Jurisdiction: Australia
Version: 2.0
Updated: Jan 2023

CybersecurityControl setIn 6clicks App

ECC 2-2024 — Essential Cybersecurity Controls

The Essential Cybersecurity Controls (ECC 2-2024) aim to enhance cybersecurity at the national level in Saudi Arabia. They provide policies and controls to protect the information and technological assets of national entities.

Issuer: National Cybersecurity Authority
Jurisdiction: Kingdom of Saudi Arabia
Version: 2-2024
Updated: Apr 2026

View detailscybersecurity · controls

GRCFrameworkControl setIn 6clicks App

COBIT 2019 — COBIT 2019 Framework

The COBIT 2019 Framework, developed by ISACA, is a globally recognized standard for optimizing enterprise IT governance and management. It provides flexible, detailed guidance for organizations aiming to achieve effective governance over information and technology.

Issuer: ISACA
Version: 2019

View detailsit governance · framework

Critical InfrastructureRegulationIn 6clicks App

EU Regulation 2022/1645 — Commission Delegated Regulation (EU) 2022/1645

EU Regulation 2022/1645 establishes mandatory cybersecurity management requirements for Part 21 Design Organisations (DOs) and Production Organisations (POs) in the aviation sector. It introduces the implementation of an Information Security Management System (ISMS) to protect critical systems, data, and processes from cyber threats.

Issuer: European Commission
Jurisdiction: European Union
Updated: Jan 2022

View detailscybersecurity · aviation

CybersecurityStandardControl setIn 6clicks App

ISO/IEC 27001:2022 — ISO/IEC 27001:2022 - Information security, cybersecurity and privacy protection — Information security management systems — Requirements

ISO/IEC 27001:2022 is an international standard defining requirements for an information security management system (ISMS). It helps organizations establish, implement, maintain, and continually improve their information security processes to manage data-related risks.

Issuer: ISO/IEC
Jurisdiction: Global
Version: 2022

View detailsinformation security · ISMS

View detailscybersecurity · data protection

SMB1001 — SMB1001 Cybersecurity Standard

The SMB1001 Cybersecurity Standard provides small and medium-sized businesses, including law firms, with a clear and achievable framework to enhance their cybersecurity defenses and demonstrate due diligence. It aims to help practitioners protect client confidentiality, reduce cyber risks, and meet stakeholder requirements.

Issuer: Dynamic Standards International (DSI)
Jurisdiction: Australia
Version: 2026
Updated: Sep 2025

View detailscybersecurity · framework

NIST CSF 2.0 — NIST Cybersecurity Framework 2.0

The NIST Cybersecurity Framework 2.0 is a comprehensive framework to help organizations manage and reduce cybersecurity risks. It provides guidelines, tools, and resources for improving cybersecurity practices across diverse sectors.

Issuer: National Institute of Standards and Technology (NIST)
Jurisdiction: United States
Version: 2.0
Updated: Feb 2026

PrivacyRegulationIn 6clicks App

India - (DPDP) Rules — India - Digital Personal Data Protection (DPDP) Rules

The Digital Personal Data Protection Rules, 2025 operationalize India’s Digital Personal Data Protection Act, 2023 by establishing detailed requirements for the collection, processing, storage, and protection of digital personal data. The Rules define obligations for organizations handling personal data, including consent management, breach notifications, data retention, and protections for children and vulnerable individuals. They also establish governance mechanisms such as the Data Protection Board and provide a phased implementation timeline for compliance.

Issuer: Government of India
Version: 2025
Updated: Jan 2025

View detailsprivacy · cybersecurity

View detailscybersecurity · healthcare

ADHICS — Abu Dhabi Healthcare Information and Cyber Security Standard

The AAMEN programme ensures that all healthcare facilities in Abu Dhabi comply with information security and data privacy standards to safeguard patient data. It incorporates the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS) and aims to enhance cybersecurity governance, resilience, and innovation in the healthcare sector.

Issuer: Department of Health Abu Dhabi
Jurisdiction: Abu Dhabi, United Arab Emirates
Version: 2
Updated: May 2026

View detailscybersecurity · confidentiality

ITSP.10.171 — Protecting Specified Information in Non-Government of Canada Systems and Organizations

ITSP.10.171 sets out security requirements for protecting 'specified information' when it resides in non-Government of Canada systems or organizations. It aligns with NIST standards but adapts them to the Canadian regulatory environment.

Issuer: Canadian Centre for Cyber Security
Jurisdiction: Canada
Version: First release
Updated: Oct 2025