Compliance standards for Critical infrastructure

Critical infrastructure spans the energy, water, transport, healthcare, and communications sectors whose disruption would impact national security, safety, and the economy. Updated continuously, with mapped controls and expert guidance from 6clicks.

17 items

All Critical infrastructure content · 17 items

CybersecurityFrameworkStandard

CCM v4.1 — Cloud Controls Matrix v4.1

The Cloud Controls Matrix (CCM) v4.1 is a cybersecurity control framework that consists of 207 controls across 17 security domains, specifically tailored for cloud security and privacy. The Consensus Assessment Initiative Questionnaire (CAIQ) accompanies the CCM, offering a set of assessment questions to evaluate security controls.

Cloud Security Alliance (CSA) • v4.1

View details
CybersecurityStandard

ASD Essential 8 Maturity Model - 2023 — Australian Signals Directorate (ASD) Essential Eight Maturity Model 2023

The ASD Essential 8 Maturity Model is a framework developed by the Australian Signals Directorate (ASD) to guide organizations in implementing prioritized cyber security mitigation strategies. It provides structured maturity levels to help organizations progressively strengthen their defenses against common cyber threats. The model ensures consistency, accountability, and resilience by aligning practices across all eight strategies.

Australian Signals Directorate (ASD) • Australia • vNovember 2023

View details
CybersecurityStandard

Cyber Essentials Danzell Question Set — Cyber Essentials Question Set v3.3 (Danzell) April 2026

Cyber Essentials: Requirements for IT Infrastructure v3.3 Question Set is a structured self-assessment designed to help organizations evaluate their cyber security practices. It focuses on five key technical control areas—firewalls, secure configuration, user access control, malware protection, and patch management. By completing the question set, organizations can demonstrate compliance with baseline security standards and strengthen resilience against common cyber threats.

National Cyber Security Centre (NCSC) • v3.3

View details
CybersecurityStandard

Cyber Essentials v3.3 — Cyber Essentials: Requirements for IT Infrastructure

Cyber Essentials v3.3 is a UK government-backed cybersecurity scheme defining baseline security measures for businesses. The update, effective from 26th April 2026, refines requirements to close ambiguities and enforce stricter compliance on cloud services, MFA, and endpoint protection.

NCSC (National Cyber Security Centre) • United Kingdom • v3.3

View details
CybersecurityStandard

ISO/IEC 27018:2025 — ISO/IEC 27018:2025 Information security, cybersecurity and privacy protection — Guidelines for protection of personally identifiable information (PII) in public clouds acting as PII processors

ISO/IEC 27018:2025 is the global standard for managing personally identifiable information (PII) in public cloud services. It provides cloud providers with a framework to ensure privacy, security, and compliance when processing customer data.

International Organization for Standardization (ISO) • v2025

View details
CybersecurityRegulation

ISM SSP — Information Security Manual System Security Plan Annex Template

The System Security Plan (SSP) Annex Template is a structured document used to capture detailed information about an organization’s cyber security controls and implementation. It supports accreditation processes by providing evidence of compliance, risk management, and system-specific security measures.

Australian Government • Australia • vJune 2026

View details
CybersecurityRegulation

RFFR ISM SoA — Right Fit for Risk Information Security Manual Statement of Applicability

The Right Fit for Risk (RFFR) Statement of Applicability (SoA) is a structured template used to document how organizations meet cyber security accreditation requirements. It outlines applicable controls, their implementation status, and provides assurance of compliance with the RFFR framework.

Australian Government • Australia • vJune 2026

View details
CybersecurityRegulation

ISM — Information Security Manual

The Australian ISM is the nationally recognized cybersecurity framework developed by the Australian Signals Directorate. It provides organizations with structured guidance to safeguard information and operational technology systems against evolving cyber threats.

Australian Government • Australia • vJune 2026

View details
GRCStandard

ISO 14001 — ISO 14001:2026 - Environmental management systems

ISO 14001:2026 is the internationally recognized standard for environmental management systems (EMS). It offers a framework for organizations to improve environmental performance through methods including resource optimization, waste management, and stakeholder engagement.

International Organization for Standardization (ISO) • v2026

View details
Critical InfrastructureLaw

SOCIA 2018 — Security of Critical Infrastructure Act 2018

The Security of Critical Infrastructure Act 2018 (SOCIA) establishes a regulatory framework for managing national security risks to Australia’s critical infrastructure sectors. It introduces statutory obligations, reporting requirements, and oversight mechanisms for critical assets.

Australian Department of Home Affairs • Australia • vNo. 29, 2018

View details
CybersecurityFramework

C2M2 — Cybersecurity Capability Maturity Model

The Cybersecurity Capability Maturity Model (C2M2) is a tool developed by the U.S. Department of Energy to help organizations evaluate and enhance their cybersecurity capabilities. It focuses on both IT and OT environments, offering a structured framework of over 350 practices organized into 10 domains.

U.S. Department of Energy • United States • v2.1

View details
CybersecurityControl set

ECC 2-2024 — Essential Cybersecurity Controls

The Essential Cybersecurity Controls (ECC 2-2024) aim to enhance cybersecurity at the national level in Saudi Arabia. They provide policies and controls to protect the information and technological assets of national entities.

National Cybersecurity Authority • Kingdom of Saudi Arabia • v2-2024

View details
CybersecurityControl set

DCC-1:2022 — Data Cybersecurity Controls

The Data Cybersecurity Controls (DCC-1:2022) establish minimum cybersecurity requirements to protect data throughout its lifecycle. Issued by the Saudi National Cybersecurity Authority, the controls build on existing cybersecurity frameworks to enhance the Kingdom's overall cybersecurity maturity.

National Cybersecurity Authority (NCA) • Kingdom of Saudi Arabia • v1:2022

View details
Critical InfrastructureRegulation

EU Regulation 2022/1645 — Commission Delegated Regulation (EU) 2022/1645

EU Regulation 2022/1645 establishes mandatory cybersecurity management requirements for Part 21 Design Organisations (DOs) and Production Organisations (POs) in the aviation sector. It introduces the implementation of an Information Security Management System (ISMS) to protect critical systems, data, and processes from cyber threats.

European Commission • European Union

View details
Critical InfrastructureLaw

Renewable Energy (Electricity) Act 2000

The Renewable Energy (Electricity) Act 2000 establishes a legal framework to encourage the generation of electricity from renewable energy sources in Australia. It creates a system for renewable energy certificates and mandates a Renewable Power Percentage to ensure participation by electricity retailers.

Australian Government • Australia

View details
CybersecurityFramework

AESCSF v2 Core — Australian Energy Sector Cyber Security Framework

The Australian Energy Sector Cyber Security Framework (AESCSF) provides a structured approach for managing cybersecurity risks specific to the energy sector. Version 2 introduces updates and refinements to address evolving threats and ensure resilience.

Australian Energy Market Operator (AEMO) • Australia • v2.0

View details
PrivacyRegulation

CDR Energy Sector Designation 2020 — Consumer Data Right (Energy Sector) Designation 2020

This legislative instrument designates the Australian energy sector under the Consumer Data Right (CDR) framework. It specifies the types of data, entities, and arrangements covered by CDR for energy consumers.

Australian Government • Australia • v26 June 2020

View details

Manage Critical infrastructure compliance with 6clicks

The 6clicks platform maps these regulations to controls, evidence and risks — automatically.