Frameworks & Compliance

Hawkstream provides assessments against the following cyber security, data protection and privacy frameworks. Align your organisation and achieve compliance.
NIST Cyber Security Framework V1.1 & V2.0
Description: NIST Cyber Security Framework provides a comprehensive cyber risk assessment. The framework provides guidelines that are applicable to a wide range of organisations.
Reasons to use this framework:
> Suitable for organisations looking to complete a comprehensive risk assessment against NIST Cyber Security Framework.
> Achieve compliance against the NIST CSF framework.

Publisher: Adapted by Hawkstream from National Institute of Standards and Technology (NIST) - Cyber Security Framework.
Jurisdiction: United States
Attribution: https://www.nist.gov/

Essential Eight Maturity Model (Nov 2023 Update)
Description: The Essential Eight Maturity Model, first published in June 2017 and updated regularly, supports the implementation of the Essential Eight. It is based on the ACSC’s experience in producing cyber threat intelligence, responding to cyber security incidents, conducting penetration testing and assisting organisations to implement the Essential Eight.
Reasons to use this framework:
> Assess cyber security maturity against the Essential Eight risk controls.
> Compliance requirement for Australian Government organisations.
> Relevant to organisations with Microsoft-based networks.
> Suitable for all sized organisations.

Publisher: Adapted by Hawkstream from Australian Cyber Security Centre (ACSC) under Creative Commons License.
Jurisdiction: Australia
Attribution: https://www.cyber.gov.au/

Secure Controls Framework (SCF) (March 2024 Update)
Description: SCF provides a comprehensive set of controls to inform your cyber security program.
Reasons to use this framework:
> Ensure your organisation has the fundamental risk controls.

Publisher: Secure Controls Framework Council, LLC, under Creative Commons Attribution-NoDerivatives 4.0 International Public License.
Jurisdiction: Global
Attribution: https://securecontrolsframework.com/

NIST Privacy Framework V1.0
Description: Provides privacy-related risk controls. NIST Privacy is a leading framework used by organisations around the world to establish general best-practice privacy risk controls.
Reasons to use this framework:
> Simple and practical questions.
> Identify general privacy-related risk control gaps.
> Suitable for all organisations*.

Publisher: Adapted by Hawkstream from National Institute of Standards and Technology (NIST) - cyber security framework.
Jurisdiction: United States
Attribution: https://www.nist.gov/

NIS2 Directive
Description: The NIS2 Directive is an EU cybersecurity regulation that aims to enhance the cybersecurity resilience of critical infrastructure and essential services across the EU by setting stricter security and reporting requirements for organisations.
Reasons to use this framework:
> NIS2 applies to a broad range of sectors.
> Under NIS2, organisations in these sectors must implement cybersecurity measures, manage supply chain risks, and report cyber incidents to national authorities. Non-compliance can lead to significant fines and penalties.
Digital Operational Resilience Act (DORA)
Description: The Digital Operational Resilience Act (DORA) is an EU regulation focused on enhancing the operational resilience of financial institutions to withstand and recover from ICT-related disruptions, such as cyberattacks.
Reasons to use this framework:
> Under DORA, financial institutions must establish comprehensive ICT risk management frameworks, conduct regular assessments, and ensure quick reporting of incidents to regulators. Non-compliance can lead to fines and other regulatory consequences.
PCI DSS v4.0.1
Description: PCI DSS is intended to protect cardholder data and reduce credit card fraud by encouraging companies to implement robust security measures. Compliance with PCI DSS is essential for businesses that handle cardholder data.
Reasons to use this framework:
> All entities that store, process and/or transmit cardholder data, such as merchants and service providers (e.g. payment gateways, SPSP, processors), must comply with the PCI DSS.
> Achieve compliance against the PCI DSS framework.
ISO 27001:2022 & Annex A Controls
Description: ISO 27001:2022 is an internationally recognised standard for an information security management system (ISMS). Annex A defines 93 information security controls organisations can use to achieve or maintain ISO 27001:2022 compliance.
Reasons to use this framework:
> Align and certify your organisation against ISO 27001:2022.
Cyber Essentials Checklist
Description: Cyber Essentials helps you to guard your organisation against the most common cyber threats and demonstrate your commitment to cyber security.
Reasons to use this framework:
> Develop cyber security controls to prevent data breaches.
> Prepare for Cyber Essentials certification (required for some UK Government contracts).
> Identify cyber security risk control gaps.
> Suitable for small/medium organisations.

Publisher: Adapted by Hawkstream from National Cyber Security Centre (UK) under Open Government Licence.
Jurisdiction: United Kingdom
Original content attribution: https://www.ncsc.gov.uk/

Checklists & Compliance Tools

Hawkstream provides checklists to align your cyber security program with leading practice from recognised authorities (ASD, ICO, OAIC) and to comply with regulations (GDPR, Australian Privacy Act).
Privacy Impact Assessment
Description: A Privacy Impact Assessment (PIA) is a tool that can be used to assess the privacy impacts of a new project and, where necessary, identify ways in which the obligations set out in privacy legislation can be met.
Reasons to use this framework:
> Identify risks to personally identifiable information during projects.
> Establish a 'privacy by design' approach to information handling.

Publisher: Hawkstream
Jurisdiction: Global
Attribution: https://hawkstream.io

Consumer Data Right Privacy Safeguards Checklist
Description: The Consumer Data Right is designed to keep your data secure and protect your privacy. The Consumer Data Right privacy safeguards in the Australian Competition and Consumer Act 2010 set out your privacy rights and the strict obligations on businesses collecting and handling your data. There are 13 legally binding privacy safeguards.
Reasons to use this framework:
> Ensure your company can interact with customers and collect their information in line with privacy legislation requirements.
> Identify privacy risk control gaps.
> Suitable for organisations of all sizes*.

Publisher: Adapted by Hawkstream from Office of the Australian Information Commissioner (OAIC) under Creative Commons Licence.
Jurisdiction: Australia
Original content attribution: https://www.oaic.gov.au/

ICO Data Protection - Checklist
Description: The checklist covers a range of data protection controls broadly useful for controlling risks relevant to smaller organisations.
Reasons to use this framework:
> Simple and practical data protection controls.
> Identify risk control gaps.
> Suitable for small and medium sized organisations.
> Complementary to other cyber security control frameworks.

Publisher: Adapted by Hawkstream from Information Commissioner’s Office (ICO) under Open Government Licence.
Jurisdiction: United Kingdom
Original content attribution: https://ico.org.uk/

NIST - CSF Checklist for Small & Medium Organisations
Description: A simple, high-level cyber risk assessment based on the NIST Cyber Security Framework.
Reasons to use this framework:
> Simple and practical cyber risk assessment.
> Suitable for small and medium organisations*.

Publisher: Adapted by Hawkstream from National Institute of Standards and Technology (NIST) - cyber security framework.
Jurisdiction: United States
Attribution: https://www.nist.gov/

Third Party Cyber Security Risk Assessment
Description: Third party cyber risk assessments help to understand the risks to data when utilising third party vendors' products and services. Assessing vendors routinely can help you stay informed about changes to their security posture and work with vendors to remediate.
Reasons to use this framework:
> Identify specific gaps in vendors' cyber and privacy risk controls.
> Suitable for organisations of all sizes*.

Publisher: Hawkstream
Jurisdiction: Global

Cloud Computing Security Checklist
Description: The checklist questions are intended to identify and manage relevant information security risks associated with the evolving field of cloud computing.
Reasons to use this framework:
> Evaluate cloud risk controls.
> Suitable for organisations of all sizes*.

Publisher: Adapted by Hawkstream from Australian Cyber Security Centre (ACSC) under Creative Commons Licence.
Jurisdiction: Australia
Attribution: https://www.cyber.gov.au/

Identity & Access Management Checklist
Description: Identity and access management is a key part of cyber security as it ensures the right people have access to an organisation’s information.
Reasons to use this framework:
> Ensure your organisation has the fundamental risk controls.

Publisher: Hawkstream
Jurisdiction: Global

Australian Privacy Principles (APP)
Description: The Australian Privacy Principles are the cornerstone of the Privacy Act 1988.
Reasons to use this framework:
> Comply with Australian Privacy Act 1988 (legislation).

Publisher: Adapted by Hawkstream from Office of the Australian Information Commissioner (OAIC) under Creative Commons Licence.
Jurisdiction: Australia
Attribution: https://www.oaic.gov.au/

Data Protection Impact Assessment (DPIA)
Description: A Data Protection Impact Assessment (DPIA) is required when processing activities are likely to result in a high risk to the rights and freedoms of individuals. This requirement is outlined in Article 35 of the General Data Protection Regulation (GDPR). DPIAs help organisations assess, identify, and minimise risks related to data processing activities.
Reasons to use this framework:
> Comply with GDPR.
> Identify data protection risks.

Publisher: Hawkstream
Jurisdiction: EU

Cyber Security Principles Maturity Checklist
Description: The purpose of the cyber security principles is to provide strategic guidance on how an organisation can protect its systems and data from cyber threats.
Reasons to use this framework:
> Align your cyber security program around guiding principles.
> Suitable for organisations of all sizes.

Publisher: Adapted by Hawkstream from Australian Cyber Security Centre (ACSC) under Creative Commons Licence.
Jurisdiction: Australia
Attribution: https://www.cyber.gov.au/