What is the NSW CSP mandatory 25?

1. Implement an Information Security Management System (ISMS) or Cyber Security Framework (CSF): This is a mandatory requirement for organizations operating in New South Wales (NSW) to ensure the security of their systems and networks. This involves developing, documenting and implementing processes, procedures and controls to protect the confidentiality, integrity and availability of information assets.

2. Classify information and systems according to their importance: Organizations must classify their information and systems according to their importance, sensitivity and potential value to an adversary. This includes the implementation of appropriate security controls based on the classification of the information assets.

3. Develop and maintain an asset inventory: Organizations must maintain an inventory of their systems, networks and other information assets. This includes recording the location, ownership, purpose, value and usage of each asset.

4. Ensure the secure operation of systems: Organizations must ensure that all systems are secure and meet the requirements of the organization's ISMS or CSF. This includes the implementation of security controls, such as patching, secure configuration, logging and monitoring, and the use of antivirus and anti-malware software.

5. Ensure the secure exchange of information: Organizations must ensure the secure exchange of information with external entities, such as customers, suppliers and partners. This includes the adoption of secure data transmission methods and technologies, such as encryption and digital certificates.

6. Ensure the secure storage of information: Organizations must ensure the secure storage of information, including on premises and in the cloud. This includes the adoption of secure storage technologies, such as encryption and secure data access controls.

7. Ensure the secure disposal of information: Organizations must ensure the secure disposal of information, such as when it is no longer required or is considered to be sensitive. This includes the adoption of secure disposal methods and technologies, such as shredding, wiping and sanitization.

8. Establish secure user access controls: Organizations must establish secure user access controls, including authentication, authorization and user privileges. This includes the use of secure access credentials, such as passwords, multi-factor authentication and single sign-on.

9. Ensure the secure use of mobile devices: Organizations must ensure the secure use of mobile devices, such as laptops, tablets and smartphones. This includes the implementation of secure mobile device management (MDM) solutions, as well as the use of secure mobile applications.

10. Establish and maintain secure network practices: Organizations must establish and maintain secure network practices, such as firewalls, intrusion prevention systems and security monitoring. This includes the implementation of proactive measures, such as vulnerability scanning, to identify and address any potential security weaknesses.

11. Establish security incident response plans: Organizations must develop and maintain security incident response plans in the event of a security breach or attack. This includes the implementation of processes and procedures to detect, contain, investigate and remediate any security incidents.

12. Monitor and audit security controls: Organizations must monitor and audit the effectiveness of their security controls. This includes the use of penetration testing and regular vulnerability scanning to identify and address any potential security weaknesses.

13. Establish secure web and application development practices: Organizations must develop secure web and application development practices. This includes the use of secure coding techniques, such as input validation and output encoding, as well as the implementation of secure development life cycle (SDLC) processes.

14. Establish secure cloud computing practices: Organizations must develop secure cloud computing practices. This includes the use of secure cloud architectures, such as multi-tenancy and microservices, as well as the implementation of secure cloud services and technologies.

15. Develop secure authentication and authorization practices: Organizations must develop secure authentication and authorization practices, such as the use of strong passwords, two-factor authentication and single sign-on. This includes the implementation of secure access controls, such as role-based access control and least privilege.

16. Establish secure email and messaging practices: Organizations must develop secure email and messaging practices. This includes the adoption of secure email protocols, such as S/MIME, and the implementation of secure messaging services, such as virtual private networks (VPNs).

17. Establish secure identity and access management practices: Organizations must develop secure identity and access management (IAM) practices. This includes the use of secure identity and access provisioning processes, such as self-service provisioning and role-based access control.

18. Develop secure system and application deployment practices: Organizations must develop secure system and application deployment practices. This includes the use of automated deployment tools, such as those used in DevOps pipelines, as well as the implementation of secure deployment processes and technologies.

19. Develop secure data protection practices: Organizations must develop secure data protection practices. This includes the use of secure data storage and transmission methods, such as encryption and digital certificates, as well as the implementation of secure data backup and archiving processes.

20. Establish secure physical security measures: Organizations must develop secure physical security measures. This includes the implementation of secure access controls, such as locks and biometrics, as well as the use of secure physical environment monitoring systems.

21. Establish secure supply chain management practices: Organizations must develop secure supply chain management practices. This includes the implementation of secure supplier assessment processes and the use of secure supply chain management systems.

22. Establish secure communications practices: Organizations must develop secure communications practices. This includes the adoption of secure communication protocols, such as end-to-end encryption, as well as the use of secure messaging and collaboration tools.

23. Develop secure analytics practices: Organizations must develop secure analytics practices. This includes the use of secure data science and analytics tools, such as machine learning, as well as the implementation of secure data visualization and reporting processes.

24. Develop secure Internet of Things (IoT) practices: Organizations must develop secure Internet of Things (IoT) practices. This includes the adoption of secure IoT protocols, such as MQTT and CoAP, as well as the implementation of secure device management systems.

25. Establish secure governance and risk management practices: Organizations must develop secure governance and risk management practices. This includes the adoption of secure risk assessment and management processes, such as the identification, assessment, monitoring and mitigation of security risks.
