Cyber, critical infrastructure & AI standards — all in one place.
The latest standards, laws and regulations, with curated metadata, mapped controls and expert guidance from 6clicks. Built for GRC, compliance and security teams.
All content · 25 items
CCM v4.0 — Cloud Controls Matrix v4.0
The Cloud Controls Matrix (CCM) v4 is a meta-framework of cloud-specific security controls designed to provide clarity and structure for information security in cloud computing environments. It includes mappings to leading standards, best practices, and regulations.
- Issuer: Cloud Security Alliance (CSA)
- Version: 4.0
IS18 — Information and Cyber Security Policy (IS18)
The Information and Cyber Security Policy (IS18) is a policy framework established by the Queensland Government to enhance information security and organizational resilience. It mandates the implementation of ISO 27001-based ISMS, systematic risk management, and compliance with the Australian Signals Directorate's Essential Eight Strategies for all Queensland Government agencies.
- Issuer: Queensland Government
- Jurisdiction: Queensland, Australia
- Version: 9.0.0
- Updated: Jan 2026
CPS 231 — Prudential Standard CPS 231 Outsourcing
The Prudential Standard CPS 231 establishes requirements for outsourcing arrangements by financial institutions regulated by the Australian Prudential Regulation Authority (APRA). It aims to ensure that risks associated with outsourcing are effectively managed.
- Issuer: Australian Prudential Regulation Authority (APRA)
- Jurisdiction: Australia
- Updated: Jul 2017
C2M2 — Cybersecurity Capability Maturity Model
The Cybersecurity Capability Maturity Model (C2M2) is a tool developed by the U.S. Department of Energy to help organizations evaluate and enhance their cybersecurity capabilities. It focuses on both IT and OT environments, offering a structured framework of over 350 practices organized into 10 domains.
- Issuer: U.S. Department of Energy
- Jurisdiction: United States
- Version: 2.1
- Updated: Jun 2022
NIST SP 800-161 Rev. 1 — NIST Special Publication 800-161 Rev. 1 - Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations
This publication provides guidance on identifying, assessing, and mitigating cybersecurity risks throughout the supply chain. It integrates Cybersecurity Supply Chain Risk Management (C-SCRM) practices into organizational risk management processes.
- Issuer: National Institute of Standards and Technology (NIST)
- Jurisdiction: United States
- Version: Rev. 1, Update 1
ISO/IEC 42001 — ISO/IEC 42001:2023 - Artificial Intelligence Management System
ISO/IEC 42001:2023 is the first international standard for Artificial Intelligence Management Systems (AIMS). It provides requirements for establishing, implementing, maintaining, and improving AIMS, focusing on the responsible use, governance, and risk management of AI across organizations.
- Issuer: ISO/IEC
- Version: 2023
- Updated: Dec 2023
Safe & Trusted Internet — Guidelines on Information Security Practices for Government Entities
The Safe & Trusted Internet Guidelines on Information Security Practices for Government Entities, issued by the Indian Computer Emergency Response Team (CERT-In), establish baseline cyber security controls and best practices to help government entities protect ICT infrastructure, systems, networks, and data against evolving cyber threats and strengthen India’s digital security posture.
- Issuer: Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India
- Jurisdiction: India
CPS 230 — Prudential Standard CPS 230 Operational Risk Management
CPS 230 sets out requirements for APRA-regulated entities to effectively manage operational risks. It covers obligations on governance, risk frameworks, and risk controls to ensure resilience against operational disruptions.
- Issuer: Australian Prudential Regulation Authority (APRA)
- Jurisdiction: Australia
- Updated: Jul 2023
RG 259 — RG 259 Risk management systems of fund operators
This regulatory guide provides specific guidance for Australian financial services (AFS) licensees that are responsible entities or corporate directors (fund operators) on how to comply with their obligation under s912A(1)(h) of the Corporations Act 2001 to maintain adequate risk management systems.
- Issuer: Australian Securities and Investments Commission (ASIC)
- Jurisdiction: Australia
ISO/IEC 27001:2013 — ISO/IEC 27001:2013 - Information technology — Security techniques — Information security management systems — Requirements
ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). It also includes guidelines for assessing and addressing information security risks in organizations.
- Issuer: ISO/IEC
- Jurisdiction: Global
- Version: 2013
SCF — Secure Controls Framework
The Secure Controls Framework (SCF) is a comprehensive, free cybersecurity and data privacy metaframework designed to simplify compliance and build secure, resilient organizations. It unifies control sets to simultaneously meet compliance requirements across multiple laws, regulations, and frameworks.
- Issuer: Secure Controls Framework (SCF) Council
- Version: 2023.2
AIUC-1 — AIUC-1
AIUC-1 is a standard focused on the security, safety, and reliability of AI agents used in enterprises. It addresses risks related to data privacy, security, accountability, and societal concerns while providing certification for compliant organizations.
- Issuer: Artificial Intelligence Underwriting Company (AIUC)
- Version: April 15, 2026
UAE IA V2 — UAE Information Assurance Standard Version 2
The UAE Information Assurance Standard Version 2 (UAE IA V2) is a national cybersecurity framework issued by the UAE Cyber Security Council in 2025. It builds upon the previous version with updated controls and integrations to address modern technologies, such as AI/ML, IoT, cloud, and post-quantum cryptography.
- Issuer: UAE Cyber Security Council
- Jurisdiction: United Arab Emirates
- Version: 2.0
- Updated: Oct 2025
SOCIA 2018 — Security of Critical Infrastructure Act 2018
The Security of Critical Infrastructure Act 2018 (SOCIA) establishes a regulatory framework for managing national security risks to Australia’s critical infrastructure sectors. It introduces statutory obligations, reporting requirements, and oversight mechanisms for critical assets.
- Issuer: Australian Department of Home Affairs
- Jurisdiction: Australia
- Version: No. 29, 2018
ISO 45001 — ISO 45001:2018 - Occupational Health and Safety Management Systems — Requirements with Guidance for Use
ISO 45001:2018 is an international standard that specifies requirements for an occupational health and safety (OH&S) management system. It helps organizations improve workplace safety, reduce risks, and enhance overall OH&S performance.
- Issuer: International Organization for Standardization (ISO)
- Version: 2018
- Updated: May 2024
VPDSS 2.0 — Victorian Protective Data Security Standards V2.0
The Victorian Protective Data Security Standards (VPDSS) establish 12 high-level mandatory requirements for the protection of public sector information in Victoria, Australia. These requirements cover governance, information, personnel, ICT, and physical security, focusing on a risk-managed approach tailored to the Victorian government context.
- Issuer: Office of the Victorian Information Commissioner (OVIC)
- Jurisdiction: Victoria, Australia
- Version: 2.0
- Updated: Oct 2019
COBIT 2019 — COBIT 2019 Framework
The COBIT 2019 Framework, developed by ISACA, is a globally recognized standard for optimizing enterprise IT governance and management. It provides flexible, detailed guidance for organizations aiming to achieve effective governance over information and technology.
- Issuer: ISACA
- Version: 2019
ISO/IEC 27001:2022 — ISO/IEC 27001:2022 - Information security, cybersecurity and privacy protection — Information security management systems — Requirements
ISO/IEC 27001:2022 is an international standard defining requirements for an information security management system (ISMS). It helps organizations establish, implement, maintain, and continually improve their information security processes to manage data-related risks.
- Issuer: ISO/IEC
- Jurisdiction: Global
- Version: 2022
NIST SP 800-39 — NIST Special Publication 800-39 - Managing Information Security Risk: Organization, Mission, and Information System View
NIST SP 800-39 provides guidance for developing an organization-wide program to manage information security risk. It introduces a structured yet flexible framework for assessing, responding to, and monitoring risks associated with federal information systems.
- Issuer: National Institute of Standards and Technology (NIST)
- Jurisdiction: United States
- Updated: Mar 2011
NIST CSF 2.0 — NIST Cybersecurity Framework 2.0
The NIST Cybersecurity Framework 2.0 is a comprehensive framework to help organizations manage and reduce cybersecurity risks. It provides guidelines, tools, and resources for improving cybersecurity practices across diverse sectors.
- Issuer: National Institute of Standards and Technology (NIST)
- Jurisdiction: United States
- Version: 2.0
- Updated: Feb 2026
India - (DPDP) Rules — India - Digital Personal Data Protection (DPDP) Rules
The Digital Personal Data Protection Rules, 2025 operationalize India’s Digital Personal Data Protection Act, 2023 by establishing detailed requirements for the collection, processing, storage, and protection of digital personal data. The Rules define obligations for organizations handling personal data, including consent management, breach notifications, data retention, and protections for children and vulnerable individuals. They also establish governance mechanisms such as the Data Protection Board and provide a phased implementation timeline for compliance.
- Issuer: Government of India
- Version: 2025
- Updated: Jan 2025
CPS 220 — Prudential Standard CPS 220 Risk Management
CPS 220 is a prudential standard issued by the Australian Prudential Regulation Authority (APRA) outlining risk management requirements for regulated entities. It establishes standards for institutions to identify, assess, and manage risks effectively to ensure financial stability and compliance.
- Issuer: Australian Prudential Regulation Authority (APRA)
- Jurisdiction: Australia
- Updated: Jul 2017
ADHICS — Abu Dhabi Healthcare Information and Cyber Security Standard
The AAMEN programme ensures that all healthcare facilities in Abu Dhabi comply with information security and data privacy standards to safeguard patient data. It incorporates the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS) and aims to enhance cybersecurity governance, resilience, and innovation in the healthcare sector.
- Issuer: Department of Health Abu Dhabi
- Jurisdiction: Abu Dhabi, United Arab Emirates
- Version: 2
- Updated: May 2026
Commission Implementing Regulation (EU) 2023/203
This regulation outlines requirements for the management of information security risks that could impact aviation safety. It applies to organisations and competent authorities operating in the aviation sector to ensure secure operations.
- Issuer: European Union Aviation Safety Agency (EASA)
- Jurisdiction: European Union
- Version: 2023/203
India - DPDP Act — India - Digital Personal Data Protection (DPDP) Act (Act No. 22 of 2023)
The Digital Personal Data Protection Act, 2023 (Act No. 22 of 2023) establishes India’s legal framework for processing digital personal data while balancing individuals’ privacy rights with lawful data use. The Act defines obligations for organizations handling personal data, grants rights and duties to individuals, and introduces requirements for consent, data protection, and breach accountability. It also establishes the Data Protection Board of India to oversee compliance, adjudication, and enforcement of penalties for violations.
- Issuer: Government of India
- Jurisdiction: India
- Version: 2023
- Updated: Aug 2023
Looking for sector-specific guidance?
Each industry page bundles the standards that matter most for that sector, with expert commentary and links to the 6clicks platform.
Critical Infrastructure
Critical infrastructure spans the energy, water, transport, healthcare, and communications sectors whose disruption would impact national security, safety, and the economy.
Defense
6clicks deploys inside classified and air-gapped environments, meets strict data handling requirements, and keeps your program audit-ready.
Finance Sector
Pertains to banking, insurance, and financial services, focusing on regulatory compliance, risk management, and financial integrity.
Government
Ready to operationalize these standards?
The 6clicks platform maps these regulations to controls, evidence and risks — automatically.