Cyber, critical infrastructure & AI standards — all in one place.
The latest standards, laws and regulations, with curated metadata, mapped controls and expert guidance from 6clicks. Built for GRC, compliance and security teams.
Browse by industry
Browse by sector. Each page shows relevant standards, laws, regulations, and frameworks.
Explore all industriesContent Library
Showing 20 of 48
India - (DPDP) Rules — India - Digital Personal Data Protection (DPDP) Rules
The Digital Personal Data Protection Rules, 2025 operationalize India’s Digital Personal Data Protection Act, 2023 by establishing detailed requirements for the collection, processing, storage, and protection of digital personal data. The Rules define obligations for organizations handling personal data, including consent management, breach notifications, data retention, and protections for children and vulnerable individuals. They also establish governance mechanisms such as the Data Protection Board and provide a phased implementation timeline for compliance.
Government of India • v2025
India - PDPD Act — India - Digital Personal Data Protection (PDPD) Act (Act No. 22 of 2023)
The Digital Personal Data Protection Act, 2023 (Act No. 22 of 2023) establishes India’s legal framework for processing digital personal data while balancing individuals’ privacy rights with lawful data use. The Act defines obligations for organizations handling personal data, grants rights and duties to individuals, and introduces requirements for consent, data protection, and breach accountability. It also establishes the Data Protection Board of India to oversee compliance, adjudication, and enforcement of penalties for violations.
Government of India • India • v2023
Safe & Trusted Internet — Guidelines on Information Security Practices for Government Entities
The Safe & Trusted Internet Guidelines on Information Security Practices for Government Entities, issued by the Indian Computer Emergency Response Team (CERT-In), establish baseline cyber security controls and best practices to help government entities protect ICT infrastructure, systems, networks, and data against evolving cyber threats and strengthen India’s digital security posture.
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India • India
PDSP — Protective Data Security Plan (PDSP) Single organisation PDSP form Version 3.7
Victorian public sector bodies are required to report on their information security practices to the Office of the Victorian Information Commissioner (OVIC). This includes submitting Protective Data Security Plans (PDSPs), annual attestations, and notifying OVIC of security incidents as outlined under the Victorian Protective Data Security Framework and Standards (VPDSF, VPDSS).
Office of the Victorian Information Commissioner (OVIC) • Victoria, Australia • v3.7
SOCIA 2018 — Security of Critical Infrastructure Act 2018
The Security of Critical Infrastructure Act 2018 (SOCIA) establishes a regulatory framework for managing national security risks to Australia’s critical infrastructure sectors. It introduces statutory obligations, reporting requirements, and oversight mechanisms for critical assets.
Australian Department of Home Affairs • Australia • vNo. 29, 2018
CISA ZTMM V2 — CISA Zero Trust Maturity Model V2
The CISA Zero Trust Maturity Model V2 provides a structured roadmap for organizations implementing a zero trust architecture. It outlines five key pillars and associated maturity levels to guide strategies and execution.
US Department of Homeland Security (DHS) • United States • v2
Guidelines on ICT and Security Risk Management
The EBA Guidelines establish requirements for credit institutions, investment firms, and payment service providers on mitigating and managing information and communication technology (ICT) risks. They aim to ensure a consistent and robust approach to ICT and security risk management across the EU financial sector.
European Banking Authority (EBA) • European Union • v2025 update
C2M2 — Cybersecurity Capability Maturity Model
The Cybersecurity Capability Maturity Model (C2M2) is a tool developed by the U.S. Department of Energy to help organizations evaluate and enhance their cybersecurity capabilities. It focuses on both IT and OT environments, offering a structured framework of over 350 practices organized into 10 domains.
U.S. Department of Energy • United States • v2.1
ECC 2-2024 — Essential Cybersecurity Controls
The Essential Cybersecurity Controls (ECC 2-2024) aim to enhance cybersecurity at the national level in Saudi Arabia. They provide policies and controls to protect the information and technological assets of national entities.
National Cybersecurity Authority • Kingdom of Saudi Arabia • v2-2024
DCC-1:2022 — Data Cybersecurity Controls
The Data Cybersecurity Controls (DCC-1:2022) establish minimum cybersecurity requirements to protect data throughout its lifecycle. Issued by the Saudi National Cybersecurity Authority, the controls build on existing cybersecurity frameworks to enhance the Kingdom's overall cybersecurity maturity.
National Cybersecurity Authority (NCA) • Kingdom of Saudi Arabia • v1:2022
CIS Controls v8.1 — CIS Critical Security Controls Version 8.1
The CIS Critical Security Controls Version 8.1 is a prioritized set of cybersecurity best practices designed to defend against common cyber threats to systems and networks. It includes updates to align with evolving industry standards and frameworks, such as NIST CSF 2.0.
Center for Internet Security (CIS) • v8.1
CCM v4.0 — Cloud Controls Matrix v4.0
The Cloud Controls Matrix (CCM) v4 is a meta-framework of cloud-specific security controls designed to provide clarity and structure for information security in cloud computing environments. It includes mappings to leading standards, best practices, and regulations.
Cloud Security Alliance (CSA) • v4.0
IS18 — Information and Cyber Security Policy (IS18)
The Information and Cyber Security Policy (IS18) is a policy framework established by the Queensland Government to enhance information security and organizational resilience. It mandates the implementation of ISO 27001-based ISMS, systematic risk management, and compliance with the Australian Signals Directorate's Essential Eight Strategies for all Queensland Government agencies.
Queensland Government • Queensland, Australia • v9.0.0
CSA IoT Controls — CSA IoT Security Controls Framework
The CSA IoT Security Controls Framework provides essential security controls to mitigate risks in IoT systems that include various connected devices, cloud services, and networks. It is designed to apply to a range of IoT systems, from handling low-value data to supporting critical services.
Cloud Security Alliance (CSA) • v2
PCI DSS — PCI Data Security Standard (PCI DSS)
The PCI Data Security Standard (PCI DSS) is a global security standard designed to protect payment card account data. It establishes technical and operational security requirements for organizations that handle cardholder data.
PCI Security Standards Council • v4.x
EU Regulation 2022/1645 — Commission Delegated Regulation (EU) 2022/1645
EU Regulation 2022/1645 establishes mandatory cybersecurity management requirements for Part 21 Design Organisations (DOs) and Production Organisations (POs) in the aviation sector. It introduces the implementation of an Information Security Management System (ISMS) to protect critical systems, data, and processes from cyber threats.
European Commission • European Union
OWASP ASVS — OWASP Application Security Verification Standard
The OWASP Application Security Verification Standard (ASVS) is an open standard for testing and verifying the security of web applications. It provides developers with a comprehensive list of requirements for secure development and helps establish confidence in application security.
OWASP Foundation • v4.0.2
COBIT 2019 — COBIT 2019 Framework
The COBIT 2019 Framework, developed by ISACA, is a globally recognized standard for optimizing enterprise IT governance and management. It provides flexible, detailed guidance for organizations aiming to achieve effective governance over information and technology.
ISACA • v2019
CMMC — Cybersecurity Maturity Model Certification
The Cybersecurity Maturity Model Certification (CMMC) Assessment Guide defines how organizations are evaluated for compliance with cybersecurity requirements when working with the U.S. Department of Defense. It outlines assessment methods, evidence expectations, and control validation aligned with standards like NIST SP 800-171. The guide ensures consistent and rigorous verification of an organization’s ability to protect sensitive information.
US Government • United States • v2.13
SOC2 — SOC2 Trusted Services Criteria
SOC 2 is a framework for managing and reporting on controls at service organizations relevant to security, availability, processing integrity, confidentiality, and privacy. It aims to provide detailed information and assurance to stakeholders about how these controls are implemented to protect user data.
American Institute of Certified Public Accountants (AICPA) • United States
Ready to operationalize these standards?
6clicks maps regulations to controls, evidence and risks automatically.