Content Library

Access our comprehensive library of best-practice digital guidance from numerous recognised authorities and industry-leading organisations.

Assessment
Cybersecurity

NIST SP800-161 Question Set

This download includes the NIST SP800-161 core controls and mapped questions that you can use to internally audit your organisation. NIST SP 800-161 is a set of standards and guidelines to help federal agencies and contractors implement and maintain their supply chain risk management practices set by the Federal Information Security Management Act (FISMA).

Sector(s):
  • Government
Jurisdiction(s):
  • All

52 Risks
Risk Library

52 Risks

Jurisdiction: All
Category: Business

6clicks Essential Controls Assessment
Assessment

6clicks

Jurisdiction: All
Category: Cybersecurity

6clicks Pandemic Assessment
Assessment

6clicks

Jurisdiction: All
Category: Cybersecurity

6clicks Scope Assessment
Assessment

6clicks

Jurisdiction: All
Category: Cybersecurity

Acceptable Use
Control

6clicks

Jurisdiction: All
Category: Cybersecurity

APRA CPS 234 Question Set
Assessment

Australian Prudential Regulation Authority (APRA)

Jurisdiction: Australia
Category: Cybersecurity

ASD Essential 8 Maturity Assessment
Assessment

Australian Government

Jurisdiction: All
Category: Cybersecurity

Australian Energy Sector Cyber Security Framework (AESCSF) Question Set
Assessment

Australian Energy Market Operator (AEMO)

Jurisdiction: Australia
Category: Cybersecurity

Board Top Risks
Risk Library

6clicks

Jurisdiction: All
Category: Business

Business Continuity
Control

6clicks

Jurisdiction: All
Category: Cybersecurity

Business Continuity
Risk Library

6clicks

Jurisdiction: All
Category: Business

CompLeR Core
Risk Library

CompLeR

Jurisdiction: All
Category: Business

CompLeR Sector
Risk Library

CompLeR

Jurisdiction: All
Category: Business

Consensus Assessments Initiative Questionnaire (CAIQ) Lite
Assessment

Cloud Security Alliance (CSA)

Jurisdiction: All
Category: Cybersecurity

Consensus Assessments Initiative Questionnaire v3.0.1
Assessment Control

Cloud Security Alliance (CSA)

Jurisdiction: All
Category: Cybersecurity

Cyber and Information Security Framework
Control

6clicks

Jurisdiction: All
Category: Cybersecurity

Cyber Security
Risk Library

6clicks

Jurisdiction: All
Category: Cybersecurity

Cybersecurity Maturity Model Certification (CMMC) Question Set
Assessment

Office of the Under Secretary of Defense for Acquisition & Sustainment

Jurisdiction: USA
Category: Cybersecurity

Environmental Risks
Risk Library

6clicks

Jurisdiction: All
Category: Business

FedRAMP Security Controls
Control

US Government

Jurisdiction: USA
Category: Cybersecurity

Financial Services Sector Cybersecurity Profile (FSSCP) Question Set
Assessment

Financial Services Sector Coordinating Council

Jurisdiction: USA
Category: Cybersecurity

General Business
Risk Library

6clicks

Jurisdiction: All
Category: Business

Human Resources Security
Control

6clicks

Jurisdiction: All
Category: Cybersecurity

Identity and Access
Control

6clicks

Jurisdiction: All
Category: Cybersecurity

Information Security Issue Management
Control

6clicks

Jurisdiction: All
Category: Cybersecurity

Information Security Manual (ISM) - July 2020 Question Set
Assessment

Australian Government

Jurisdiction: Australia
Category: Cybersecurity

Information Security Manual (ISM) - March 2020 Question Set
Assessment

Australian Government

Jurisdiction: Australia
Category: Cybersecurity

ISO/IEC 27001:2013 Annex A Question Set
Assessment

International Organization for Standardization (ISO)

Jurisdiction: All
Category: Cybersecurity

ISO/IEC 27001:2013 Question Set
Assessment

International Organization for Standardization (ISO)

Jurisdiction: All
Category: Cybersecurity

IT Operations Security
Control

6clicks

Jurisdiction: All
Category: Cybersecurity

MAS 655 Notice on Cyber Hygiene Question Set
Assessment

Monetary Authority of Singapore (MAS)

Jurisdiction: Singapore
Category: Cybersecurity

Network Security
Control

6clicks

Jurisdiction: All
Category: Cybersecurity

NIST Cyber Security Framework (CSF) Question Set
Assessment

National Institute of Standards and Technology (NIST)

Jurisdiction: All
Category: Cybersecurity

NIST SP800-161 Question Set
Assessment

National Institute of Standards and Technology (NIST)

Jurisdiction: All
Category: Cybersecurity

NIST SP800-171 r2 Question Set
Assessment

National Institute of Standards and Technology (NIST)

Jurisdiction: All
Category: Cybersecurity

NSW Cyber Security Policy (NSW CSP) Question Set
Assessment

NSW Government

Jurisdiction: New South Wales
Category: Cybersecurity

OH&S Risks
Risk Library

6clicks

Jurisdiction: All
Category: Workplace Health & Safety

OWASP Secure Medical Device Deployment Standard (SMDDS) Question Set
Assessment

Open Web Application Security Project (OWASP)

Jurisdiction: All
Category: Cybersecurity

Pandemic Risks
Risk Library

6clicks

Jurisdiction: All
Category: Business

PCI-DSS Security Assessment Questionnaire (SAQ) A-EP
Assessment

PCI Security Standards Council

Jurisdiction: All
Category: Cybersecurity

Physical and Environmental Security
Control

6clicks

Jurisdiction: All
Category: Cybersecurity

Project Management
Risk Library

6clicks

Jurisdiction: All
Category: Business

Queensland Information Security Policy (IS18:2018) Question Set
Assessment

Queensland Government

Jurisdiction: Queensland
Category: Cybersecurity

SA Cyber Security Framework (CSF) Question Set
Assessment

South Australian Government

Jurisdiction: South Australia
Category: Cybersecurity

Secure Controls Framework (SCF) Assessment
Assessment

Secure Controls Framework (SCF) Council

Jurisdiction: All
Category: Cybersecurity Privacy

SOC 2 Trusted Services Criteria Question Set
Assessment

American Institute of Certified Public Accountants (AICPA)

Jurisdiction: USA
Category: Cybersecurity

Startups & New Ventures
Risk Library

6clicks

Jurisdiction: All
Category: Business

Supplier Security
Control

6clicks

Jurisdiction: All
Category: Cybersecurity

System Acquisition and Development
Control

6clicks

Jurisdiction: All
Category: Cybersecurity

TAS Information Security Framework (ISF) Question Set
Assessment

Tasmanian Government

Jurisdiction: Tasmania
Category: Cybersecurity

UAE Information Assurance (IA) Assessment
Assessment

National Electronic Security Authority (NESA)

Jurisdiction: UAE
Category: Cybersecurity

UK NCSC Cyber Essentials Question Set
Assessment

National Cyber Security Centre (NCSC)

Jurisdiction: UK
Category: Cybersecurity

Victorian Protective Data Security Standards 2.0 (VPDSS) Question Set
Assessment

Office of the Victorian Information Commissioner (OVIC)

Jurisdiction: Victoria
Category: Cybersecurity

VSA Questionnaire
Assessment

Vendor Security Alliance (VSA)

Jurisdiction: All
Category: Cybersecurity

WA Digital Security Policy (DSP) Question Set
Assessment

Western Australian Government

Jurisdiction: Western Australia
Category: Cybersecurity

Australian Financial Services (AFS) License Control Set
Control

6clicks

Jurisdiction: Australia
Category: Financial Services

COBIT 19
Control

ISACA

Jurisdiction: All
Category: Cybersecurity

SWIFT Customer Security Controls Framework (CSCF)
Control

SWIFT

Jurisdiction: All
Category: Cybersecurity

CERT NZ's Top ten critical controls
Control

CERT NZ

Jurisdiction: New Zealand
Category: Cybersecurity

Ransomware Incident Response Playbook
Playbook

Jurisdiction: All
Category: Cybersecurity

Cloud Email Compromise Incident Response Playbook
Playbook

Jurisdiction: All
Category: Cybersecurity

Create Account (Backdoor User Accounts) Incident Response Playbook
Playbook

Jurisdiction: All
Category: Cybersecurity

Credential Access (Password Spraying) Incident Response Playbook
Playbook

Jurisdiction: All
Category: Cybersecurity

Cyber Blackmail Incident Response Playbook
Playbook

Jurisdiction: All
Category: Cybersecurity

Defense Evasion (Disabling Security Software) Incident Response Playbook
Playbook

Jurisdiction: All
Category: Cybersecurity

Denial of Service (DOS) Incident Response Playbook
Playbook

Jurisdiction: All
Category: Cybersecurity

Device Theft/Loss Incident Response Playbook
Playbook

Jurisdiction: All
Category: Cybersecurity

Malware Incident Response Playbook
Playbook

Jurisdiction: All
Category: Cybersecurity

Money Mule Scams (CEO Fraud) Incident Response Playbook
Playbook

Jurisdiction: All
Category: Cybersecurity

Phishing Incident Response Playbook
Playbook

Jurisdiction: All
Category: Cybersecurity

Resource Development (Compromise Accounts) Incident Response Playbook
Playbook

Jurisdiction: All
Category: Cybersecurity

Scam Incident Response Playbook
Playbook

Jurisdiction: All
Category: Cybersecurity

Social Engineering Incident Response Playbook
Playbook

Jurisdiction: All
Category: Cybersecurity

Credential Access (Unsecured Credentials) Incident Response Playbook
Playbook

Jurisdiction: All
Category: Cybersecurity

Drive By Compromise Incident Response Playbook
Playbook

Jurisdiction: All
Category: Cybersecurity

Group Policy Modification Incident Response Playbook
Playbook

Jurisdiction: All
Category: Cybersecurity

Insider Abuse Incident Response Playbook
Playbook

Jurisdiction: All
Category: Cybersecurity

ISO 31000:2009 Risk management
Project

International Organization for Standardization (ISO)

Jurisdiction: All
Category: Risk Management

ISO27005:2008 Information Security Risk Management
Project

International Organization for Standardization (ISO)

Jurisdiction: All
Category: Risk Management

MEHARI 2010: Processing guide for risk analysis and management
Project

CLUSIF

Jurisdiction: All
Category: Risk Management

NIST SP 800-30 r1 guide for Conducting Risk Assessments
Project

National Institute of Standards and Technology

Jurisdiction: USA
Category: Risk Management

NIST Special Publication 800-39: Managing Information Security Risk
Project

National Institute of Standards and Technology

Jurisdiction: USA
Category: Risk Management

The DREAD Risk Assessment Model
Project

Microsoft

Jurisdiction: All
Category: Risk Management

The STRIDE Threat Model
Project

Microsoft

Jurisdiction: All
Category: Risk Management
