Cyber, critical infrastructure & AI standards — all in one place.
The latest standards, laws and regulations, with curated metadata, mapped controls and expert guidance from 6clicks. Built for GRC, compliance and security teams.
All content · 13 items
IS18 — Information and Cyber Security Policy (IS18)
The Information and Cyber Security Policy (IS18) is a policy framework established by the Queensland Government to enhance information security and organizational resilience. It mandates the implementation of ISO 27001-based ISMS, systematic risk management, and compliance with the Australian Signals Directorate's Essential Eight Strategies for all Queensland Government agencies.
- Issuer
- Queensland Government
- Jurisdiction
- Queensland, Australia
- Version
- 9.0.0
- Updated
- Jan 2026
ISO/IEC 27001:2022 — ISO/IEC 27001:2022 - Information security, cybersecurity and privacy protection — Information security management systems — Requirements
ISO/IEC 27001:2022 is an international standard defining requirements for an information security management system (ISMS). It helps organizations establish, implement, maintain, and continually improve their information security processes to manage data-related risks.
- Issuer
- ISO/IEC
- Jurisdiction
- Global
- Version
- 2022
PDSP — Protective Data Security Plan (PDSP) Single organisation PDSP form Version 3.7
Victorian public sector bodies are required to report on their information security practices to the Office of the Victorian Information Commissioner (OVIC). This includes submitting Protective Data Security Plans (PDSPs), annual attestations, and notifying OVIC of security incidents as outlined under the Victorian Protective Data Security Framework and Standards (VPDSF, VPDSS).
- Issuer
- Office of the Victorian Information Commissioner (OVIC)
- Jurisdiction
- Victoria, Australia
- Version
- 3.7
- Updated
- Jan 2026
CMMC — Cybersecurity Maturity Model Certification
The Cybersecurity Maturity Model Certification (CMMC) Assessment Guide defines how organizations are evaluated for compliance with cybersecurity requirements when working with the U.S. Department of Defense. It outlines assessment methods, evidence expectations, and control validation aligned with standards like NIST SP 800-171. The guide ensures consistent and rigorous verification of an organization’s ability to protect sensitive information.
- Issuer
- US Government
- Jurisdiction
- United States
- Version
- 2.13
CPG 234 — CPG 234 Information Security
This standard provides information security guidance for Australian financial institutions regulated by APRA. It aims to ensure operational resilience and protect against information security threats.
- Issuer
- Australian Prudential Regulation Authority (APRA)
- Jurisdiction
- Australia
- Version
- June 2019
- Updated
- Jun 2019
Privacy and Data Protection Act 2014 — Privacy and Data Protection Act 2014 Version No. 032
The Privacy and Data Protection Act 2014 establishes a framework for protecting personal information and ensuring data security within the State of Victoria, Australia. It sets out responsibilities for Victorian public sector agencies regarding personal data handling and protections.
- Issuer
- Victorian Government
- Jurisdiction
- Victoria, Australia
- Version
- Version No. 032
- Updated
- May 2026
Commission Implementing Regulation (EU) 2023/203
This regulation outlines requirements for the management of information security risks that could impact aviation safety. It applies to organisations and competent authorities operating in the aviation sector to ensure secure operations.
- Issuer
- European Union Aviation Safety Agency (EASA)
- Jurisdiction
- European Union
- Version
- 2023/203
ISO/IEC 27001:2013 — ISO/IEC 27001:2013 - Information technology — Security techniques — Information security management systems — Requirements
ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). It also includes guidelines for assessing and addressing information security risks in organizations.
- Issuer
- ISO/IEC
- Jurisdiction
- Global
- Version
- 2013
EU Regulation 2022/1645 — Commission Delegated Regulation (EU) 2022/1645
EU Regulation 2022/1645 establishes mandatory cybersecurity management requirements for Part 21 Design Organisations (DOs) and Production Organisations (POs) in the aviation sector. It introduces the implementation of an Information Security Management System (ISMS) to protect critical systems, data, and processes from cyber threats.
- Issuer
- European Commission
- Jurisdiction
- European Union
- Updated
- Jan 2022
ECC 2-2024 — Essential Cybersecurity Controls
The Essential Cybersecurity Controls (ECC 2-2024) aim to enhance cybersecurity at the national level in Saudi Arabia. They provide policies and controls to protect the information and technological assets of national entities.
- Issuer
- National Cybersecurity Authority
- Jurisdiction
- Kingdom of Saudi Arabia
- Version
- 2-2024
- Updated
- Apr 2026
CCM v4.0 — Cloud Controls Matrix v4.0
The Cloud Controls Matrix (CCM) v4 is a meta-framework of cloud-specific security controls designed to provide clarity and structure for information security in cloud computing environments. It includes mappings to leading standards, best practices, and regulations.
- Issuer
- Cloud Security Alliance (CSA)
- Version
- 4.0
ADHICS — Abu Dhabi Healthcare Information and Cyber Security Standard
The AAMEN programme ensures that all healthcare facilities in Abu Dhabi comply with information security and data privacy standards to safeguard patient data. It incorporates the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS) and aims to enhance cybersecurity governance, resilience, and innovation in the healthcare sector.
- Issuer
- Department of Health Abu Dhabi
- Jurisdiction
- Abu Dhabi, United Arab Emirates
- Version
- 2
- Updated
- May 2026
NIST SP 800-39 — NIST Special Publication 800-39 - Managing Information Security Risk: Organization, Mission, and Information System View
NIST SP 800-39 provides guidance for developing an organization-wide program to manage information security risk. It introduces a structured yet flexible framework for assessing, responding to, and monitoring risks associated with federal information systems.
- Issuer
- National Institute of Standards and Technology (NIST)
- Jurisdiction
- United States
- Updated
- Mar 2011
Looking for sector-specific guidance?
Each industry page bundles the standards that matter most for that sector, with expert commentary and links to the 6clicks platform.
Complex Enterprise
6clicks scales across subsidiaries, sites, and jurisdictions, and connects to the legacy, OT, and hybrid environments other GRC platforms can't reach.
See standardsCritical Infraustructure
Critical infrastructure spans the energy, water, transport, healthcare, and communications sectors whose disruption would impact national security, safety, and the economy.
See standardsDefense
6clicks deploys inside classified and air-gapped environments, meets strict data handling requirements, and keeps your program audit-ready.
See standardsEnvironment
Addresses environmental protection, sustainability, and regulatory compliance related to ecological impact and resource management.
See standardsFinance Sector
Pertains to banking, insurance, and financial services, focusing on regulatory compliance, risk management, and financial integrity.
See standardsGovernment
See standardsReady to operationalize these standards?
The 6clicks platform maps these regulations to controls, evidence and risks — automatically.