AESCSF framework and resources

The Australian Energy Sector Cyber Security Framework (AESCSF) has been developed through collaboration with industry and government stakeholders, including the Australian Energy Market Operator (AEMO), Australian Cyber Security Centre (ACSC), Cyber and Infrastructure Security Centre (CISC), and representatives from Australian energy organisations.

The AESCSF leverages recognised industry frameworks such as the US Department of Energy’s Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) and the National Institute of Standards and Technology Cyber Security Framework (NIST CSF), and references global best-practice control standards (e.g. ISO/IEC 27001, NIST SP 800-53, COBIT, etc.). The AESCSF also incorporates Australian-specific control references, such as the ACSC Essential 8 Strategies to Mitigate Cyber Security Incidents, the Australian Privacy Principles (APPs), and the Notifiable Data Breaches (NDB) scheme.

Currently, there are three versions of the AESCSF:

Resources to support these 3 versions and the criticality assessment tools for energy, gas and liquid are listed below.

AESCSF Resource Downloads:

Cookies help us improve your website experience.
By using our website, you agree to our use of cookies.