AESCSF framework and resources

The Australian Energy Sector Cyber Security Framework (AESCSF) has been developed through collaboration with industry and government stakeholders, including the Australian Energy Market Operator (AEMO), Australian Cyber Security Centre (ACSC), Critical Infrastructure Centre (CIC), and the Cyber Security Industry Working Group (CSIWG), which includes representatives from Australian energy organisations.

The AESCSF leverages recognised industry frameworks such as the US Department of Energy’s Cybersecurity Capability Maturity Model (ES-C2M2) and the NIST Cyber Security Framework (CSF), and references global best-practice control standards (e.g. ISO/IEC 27001, NIST SP 800-53, COBIT, etc.). The AESCSF also incorporates Australian-specific control references, such as the ACSC Essential 8 Strategies to Mitigate Cyber Security Incidents, the Australian Privacy Principles, and the Notifiable Data Breaches scheme (NDB).

While there have been no major changes from the inaugural AESCSF assessment, important lessons learnt from the 2018 and 2019 assessment process and feedback attained from participating members have been utilised in updating the 2020-21 version of the AESCSF.

Cookies help us improve your website experience.
By using our website, you agree to our use of cookies.