CIRMP & AESCSF SP-2 Readiness Guide for Critical Infrastructure Operators
How confident are you that your CIRMP will hit AESCSF Security Profile 2
Before the 30 June 2028 Deadline?
Why This Guide Matters
Is Your Organisation Ready for SP-2?
Enhanced CIRMP obligations are no longer optional. Responsible entities across Australia's critical infrastructure sectors are expected to demonstrate continuous risk management, evidence-based governance and measurable cybersecurity maturity.
This guide explains how to transform CIRMP from a compliance exercise into an operational security program using IEC 62443 principles, AESCSF guidance and Red Piranha's Crystal Eye platform.
Enhanced CIRMP rules under the SOCI Act are now in force, and for energy sector entities the compliance bar is AESCSF Security Profile 2 across all eleven domains, with attestation due in the July 2028 window. This kit gives you a practical model for running CIRMP as a living assurance program built on Red Piranha, Crystal Eye and IEC 62443 plus a bonus deep-dive on reaching SP-2 in a renewable energy OT/IoT estate.
What's inside:
- What's changed under the 2026 enhanced CIRMP rules, and which asset classes are now in scope
- The four hazard categories every responsible entity must address: cyber, personnel, supply chain, physical/natural
- A 6-stage delivery model: Define, Assess, Design, Deploy, Operate, Assure for evidence-led compliance
- How to sequence your uplift toward AESCSF SP-2 ahead of the 30 June 2028 deadline.