AESCSF framework and resources
The Australian Energy Sector Cyber Security Framework (AESCSF) has been developed through collaboration with industry and government stakeholders, including the Australian Energy Market Operator (AEMO), Australian Cyber Security Centre (ACSC), Cyber and Infrastructure Security Centre (CISC), and representatives from Australian energy organisations.
The AESCSF leverages recognised industry frameworks such as the US Department of Energy’s Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) and the National Institute of Standards and Technology Cyber Security Framework (NIST CSF) and references global best-practice control standards (e.g. ISO/IEC 27001, NIST SP 800-53, COBIT, etc.). The AESCSF also incorporates Australian-specific control references, such as the ACSC Essential 8 Strategies to Mitigate Cyber Security Incidents, the Australian Privacy Principles (APPs), and the Notifiable Data Breaches (NDB) scheme.
Currently, there are three versions of the AESCSF:
Resources to support these three versions and the criticality assessment tools for energy, gas and liquid are listed below.
May 2025 update
AESCSF Program data entry via the Assessment Portal is now open and the Program Team continues to welcome registrations to participate. Updated materials supporting this year’s program are available via the Assessment Portal.
AESCSF resource downloads
-
Key Resources
-
10/10/2023
The 2023 AESCSF Overview
748.97 KB -
19/04/2022
2022 AESCSF Education Workshop Pack (v1 only)
3.06 MB -
21/12/2023
2023 AESCSF Education Workshop Pack
2.16 MB -
19/04/2022
The 2022 AESCSF Glossary
593.34 KB -
10/10/2023
AESCSF 2023 Guidance Material for Low Criticality Organisations
585.59 KB -
21/12/2023
AESCSF v2 Lite Offline Toolkit
426.5 KB
-
-
AESCSF Version 2 Resources
-
AESCSF Version 1 Resources
-
Criticality Assessment Tool Resources