The frameworks that govern Australian cybersecurity.
A concise reference to the frameworks Vectra assesses and builds programs against - what each one is, who it applies to, and where the authoritative source sits. For the regulatory detail you should treat the issuing body's publication as the definitive word; the pages here are our field notes, not legal advice.
Australian Government
Mandatory for Commonwealth entities; widely adopted across state, territory and regulated private sector.
Essential Eight
The eight baseline mitigation strategies the ASD considers most effective against targeted cyber intrusion.
Information Security Manual
The ASD's cybersecurity framework used by Australian Government agencies to protect their information and systems.
Protective Security Policy Framework
The framework that sets how Commonwealth entities protect people, information and assets from trusted-insider and external threats.
Information Security Registered Assessors Program
The ASD-endorsed program that certifies cybersecurity professionals to assess ICT systems against the ISM.
Privacy Act & Australian Privacy Principles
The 13 Australian Privacy Principles (APPs) govern how APP entities handle personal information under the Privacy Act.
Notifiable Data Breaches Scheme
Mandatory notification of eligible data breaches likely to result in serious harm to any affected individual.
Critical Infrastructure
Obligations under the SOCI Act and sector-specific overlays for energy, water, transport, healthcare and communications.
Security of Critical Infrastructure Act
The legislative framework that imposes cyber-security and risk-management obligations on responsible entities across 11 critical-infrastructure sectors.
Critical Infrastructure Risk Management Program
The risk-management program that responsible entities must establish under the SOCI Act across cyber, personnel, physical and supply-chain hazards.
Australian Energy Sector Cyber Security Framework
A tailored assessment framework used across the Australian electricity, gas and liquid-fuels sectors to measure cyber-security maturity.
IEC 62443 Industrial Automation and Control Systems Security
The international standard series for securing industrial automation and control systems (IACS) across the IT/OT boundary.
Financial Services
Prudential standards for ADIs, insurers, superannuation trustees and RSE licensees, plus payment-scheme overlays.
APRA Prudential Standard CPS 234
APRA's information-security prudential standard requiring regulated entities to maintain information-security capability commensurate with the threats they face.
APRA Prudential Standard CPS 230
APRA's operational-risk-management standard, including business continuity and service-provider management obligations.
SWIFT Customer Security Controls Framework
The mandatory and advisory security controls that SWIFT users must implement and self-attest against each year.
Global Standards
ISO, IEC and NIST frameworks widely adopted in Australia and commonly accepted as CIRMP-equivalent.
ISO/IEC 27001 Information Security Management
The international standard for information-security management systems (ISMS), certifiable by accredited certification bodies.
NIST Cybersecurity Framework
A risk-based framework structured around six functions - Govern, Identify, Protect, Detect, Respond and Recover.
Payment Card Industry Data Security Standard
The global standard that sets security requirements for any entity that stores, processes or transmits payment-card data.
Security, engineered around you.
Talk to an engineer - not a call centre. Most Vectra conversations start with a 30-minute technical briefing and end with a written plan.