AESCSF framework and resources

The Australian Energy Sector Cyber Security Framework (AESCSF) has been developed through collaboration with industry and government stakeholders, including the Australian Energy Market Operator (AEMO), Australian Cyber Security Centre (ACSC), Cyber and Infrastructure Security Centre (CISC), and representatives from Australian energy organisations.

The AESCSF leverages recognised industry frameworks such as the US Department of Energy’s Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) and the National Institute of Standards and Technology Cyber Security Framework (NIST CSF), and references global best-practice control standards (e.g. ISO/IEC 27001, NIST SP 800-53, COBIT, etc.). The AESCSF also incorporates Australian-specific control references, such as the ACSC Essential 8 Strategies to Mitigate Cyber Security Incidents, the Australian Privacy Principles (APPs), and the Notifiable Data Breaches (NDB) scheme.

In 2023 the AESCSF program will support 3 versions of the framework:

Resources to support these 3 versions and the criticality assessment tools for energy, gas and liquid are listed below.

AESCSF framework and resources

AESCSF 2023 Resource Downloads:

Key Resources

The 2023 AESCSF Overview

The 2022 AESCSF Education Workshop Pack

ConfirmIT Platform Client User Guide v1

The 2022 AESCSF Glossary

AESCSF 2023 Guidance Material for Low Criticality Organisations

AESCSF Version 2 Resources

AESCSF v2 Offline Toolkit

AESCSF v2 Summary of Changes

AESCSF v1 – v2 Change Log

The AESCSF v2 Core

The AESCSF v2 Quick Reference Guide

The AESCSF v2 Lite Framework

AESCSF Version 1 Resources

AESCSF v1 Offline Toolkit

The 2022 AESCSF Overview

The 2022 AESCSF Framework Core

The AESCSF v1 Quick Reference Guide

Criticality Assessment Tool Resources

The 2023 AESCSF Electricity Criticality Assessment Tool (E-CAT)

The 2023 AESCSF Gas Criticality Assessment Tool (G-CAT)

The 2023 Liquid Fuels Criticality Assessment Tool (L-CAT

About AEMO

Energy systems