AESCSF framework and resources
The Australian Energy Sector Cyber Security Framework (AESCSF) has been developed through collaboration with industry and government stakeholders, including the Australian Energy Market Operator (AEMO), Australian Cyber Security Centre (ACSC), Critical Infrastructure Centre (CIC), and the Cyber Security Industry Working Group (CSIWG), which includes representatives from Australian energy organisations.
The AESCSF leverages recognised industry frameworks such as the US Department of Energy’s Cybersecurity Capability Maturity Model (ES-C2M2) and the NIST Cyber Security Framework (CSF), and references global best-practice control standards (e.g. ISO/IEC 27001, NIST SP 800-53, COBIT, etc.). The AESCSF also incorporates Australian-specific control references, such as the ACSC Essential 8 Strategies to Mitigate Cyber Security Incidents, the Australian Privacy Principles, and the Notifiable Data Breaches scheme (NDB).
While there have been no major changes from the inaugural AESCSF assessment, important lessons learnt from the 2018 and 2019 assessment process and feedback attained from participating members have been utilised in updating the 2020-21 version of the AESCSF.
AESCSF 2020-21 Resource Downloads:
-
19/05/2021
The 2020-21 AESCSF Overview
488.14 KB -
26/05/2021
The 2020-21 AESCSF Framework Core
167.19 KB -
11/06/2021
The 2020-21 AESCSF Electricity Criticality Assessment Tool (E-CAT)
557.83 KB -
11/06/2021
The 2020-21 AESCSF Gas Criticality Assessment Tool (G-CAT)
558.25 KB -
04/06/2021
The 2020-21 AESCSF Education Workshop Pack
1.86 MB -
19/05/2021
The 2020-21 AESCSF Quick Reference Guide
627.06 KB -
26/05/2021
The 2020-21 AESCSF Lite Framework
2.86 MB -
26/05/2021
The 2020-21 AESCSF Glossary
577.66 KB
Please check back as additional supporting resources including the AESCSF CAT and ‘Education Workshop Video’ will be added through early June.