AESCSF Framework and Resources
The Australian Energy Sector Cyber Security Framework (AESCSF) has been developed through collaboration with industry and government stakeholders, including the Australian Energy Market Operator (AEMO), Australian Cyber Security Centre (ACSC), Critical Infrastructure Centre (CIC), and the Cyber Security Industry Working Group (CSIWG), which includes representatives from Australian energy organisations.The AESCSF leverages recognised industry frameworks such as the US Department of Energy’s Cybersecurity Capability Maturity Model (ES-C2M2) and the NIST Cyber Security Framework (CSF), and references global best-practice control standards (e.g. ISO/IEC 27001, NIST SP 800-53, COBIT, etc.). The AESCSF also incorporates Australian-specific control references, such as the ACSC Essential 8 Strategies to Mitigate Cyber Security Incidents, the Australian Privacy Principles, and the Notifiable Data Breaches scheme (NDB).
While there have been no major changes from the inaugural AESCSF assessment, important lessons learnt from the 2018 assessment process and feedback attained from participating members have been utilised in updating the 2019 version of the AESCSF.
Upon the completion of the first round of the Educational Training Workshops, additional AESCSF training materials will be made available, incorporating the feedback from these sessions. These are expected to be delivered in early October.
- AESCSF Criticality Assessment Tool Overview (538 KB, pdf)
- AESCSF Quick Reference Guide (520 KB, pdf)
- AESCSF Glossary (309 KB, pdf)
- AESCSF Framework Core (150 KB, xls)
- AESCSF 'Lite' (973 KB, pdf)
- AESCSF Frequently Asked Questions (1.33 MB, pdf)