CIRMP & AESCSF SP-2 Readiness Guide for Critical Infrastructure Operators
How confident are you that your CIRMP is on track to achieve AESCSF Security Profile 2 before the 30 June 2028 deadline?
Why This Guide Matters
Is Your Organisation Ready for SP-2?
Enhanced CIRMP obligations are now in force under the SOCI Act, raising cybersecurity expectations for Australia's critical infrastructure operators. Responsible entities must demonstrate continuous risk management, measurable security maturity, and evidence-based governance.
This guide shows how to transform CIRMP from a compliance exercise into an operational security program using IEC 62443, AESCSF guidance, and Red Piranha's Crystal Eye platform.
Learn how to build a living assurance program that supports ongoing compliance, simplifies evidence collection, and helps your organisation progress toward AESCSF Security Profile 2 before the 30 June 2028 deadline. The guide also includes a practical deep dive into securing renewable energy OT and IoT environments.
What's inside:
- What's changed under the 2026 enhanced CIRMP rules, and which asset classes are now in scope
- The four hazard categories every responsible entity must address: cyber, personnel, supply chain, physical/natural
- A 6-stage delivery model: Define, Assess, Design, Deploy, Operate, Assure for evidence-led compliance
- How to sequence your uplift toward AESCSF SP-2 ahead of the 30 June 2028 deadline.