Cyber, critical infrastructure & AI standards — all in one place.
The latest standards, laws and regulations, with curated metadata, mapped controls and expert guidance from 6clicks. Built for GRC, compliance and security teams.
Browse by industry
Browse by sector. Each page shows relevant standards, laws, regulations, and frameworks.
Explore all industriesContent Library
Showing 12 of 12
ASD Essential 8 Maturity Model - 2023 — Australian Signals Directorate (ASD) Essential Eight Maturity Model 2023
The ASD Essential 8 Maturity Model is a framework developed by the Australian Signals Directorate (ASD) to guide organizations in implementing prioritized cyber security mitigation strategies. It provides structured maturity levels to help organizations progressively strengthen their defenses against common cyber threats. The model ensures consistency, accountability, and resilience by aligning practices across all eight strategies.
Australian Signals Directorate (ASD) • Australia • vNovember 2023
ISM CCM — Information Security Manual Cloud Controls Matrix Template
The Cloud Controls Matrix (CCM) Template is a comprehensive framework for mapping cloud security controls to industry standards and compliance requirements. It helps organizations assess, implement, and demonstrate effective cloud security practices across diverse environments.
Australian Government • Australia • vJune 2026
ISM SSP — Information Security Manual System Security Plan Annex Template
The System Security Plan (SSP) Annex Template is a structured document used to capture detailed information about an organization’s cyber security controls and implementation. It supports accreditation processes by providing evidence of compliance, risk management, and system-specific security measures.
Australian Government • Australia • vJune 2026
RFFR ISM SoA — Right Fit for Risk Information Security Manual Statement of Applicability
The Right Fit for Risk (RFFR) Statement of Applicability (SoA) is a structured template used to document how organizations meet cyber security accreditation requirements. It outlines applicable controls, their implementation status, and provides assurance of compliance with the RFFR framework.
Australian Government • Australia • vJune 2026
ISM — Information Security Manual
The Australian ISM is the nationally recognized cybersecurity framework developed by the Australian Signals Directorate. It provides organizations with structured guidance to safeguard information and operational technology systems against evolving cyber threats.
Australian Government • Australia • vJune 2026
Guidelines on ICT and Security Risk Management
The EBA Guidelines establish requirements for credit institutions, investment firms, and payment service providers on mitigating and managing information and communication technology (ICT) risks. They aim to ensure a consistent and robust approach to ICT and security risk management across the EU financial sector.
European Banking Authority (EBA) • European Union • v2025 update
IS18 — Information and Cyber Security Policy (IS18)
The Information and Cyber Security Policy (IS18) is a policy framework established by the Queensland Government to enhance information security and organizational resilience. It mandates the implementation of ISO 27001-based ISMS, systematic risk management, and compliance with the Australian Signals Directorate's Essential Eight Strategies for all Queensland Government agencies.
Queensland Government • Queensland, Australia • v9.0.0
FSSCP — The Financial Services Sector Cybersecurity Profile
The Financial Services Sector Cybersecurity Profile is a scalable and extensible assessment tool designed to help financial institutions manage cyber risks and demonstrate regulatory compliance. It is based on the NIST Cybersecurity Framework and offers a tailored approach to streamline cybersecurity assessments globally.
Financial Services Sector Coordinating Council (FSSCC) • Global
SMB1001 — SMB1001 Cybersecurity Standard
The SMB1001 Cybersecurity Standard provides small and medium-sized businesses, including law firms, with a clear and achievable framework to enhance their cybersecurity defenses and demonstrate due diligence. It aims to help practitioners protect client confidentiality, reduce cyber risks, and meet stakeholder requirements.
Dynamic Standards International (DSI) • Australia • v2026
AESCSF v2 Core — Australian Energy Sector Cyber Security Framework
The Australian Energy Sector Cyber Security Framework (AESCSF) provides a structured approach for managing cybersecurity risks specific to the energy sector. Version 2 introduces updates and refinements to address evolving threats and ensure resilience.
Australian Energy Market Operator (AEMO) • Australia • v2.0
CPS 232 — Prudential Standard CPS 232 Business Continuity Management
CPS 232 is an Australian Prudential Standard that outlines the requirements for regulated entities to maintain and manage effective business continuity plans. It ensures that entities are prepared to address and recover from disruptions to their operations.
Australian Prudential Regulation Authority (APRA) • Australia
CPS 230 — Prudential Standard CPS 230 Operational Risk Management
CPS 230 sets out requirements for APRA-regulated entities to effectively manage operational risks. It covers obligations on governance, risk frameworks, and risk controls to ensure resilience against operational disruptions.
Australian Prudential Regulation Authority (APRA) • Australia
Ready to manage these frameworks?
6clicks maps regulations to controls, evidence and risks — automatically.