1.1 KiB
APRA CPS 234 (Prudential Standard — Information Security)
APRA CPS 234 (Prudential Standard — Information Security)
Australian Prudential Regulation Authority standard for regulated financial institutions. Requires: clearly defined information security roles and responsibilities, periodic cybersecurity capability assessments, robust control testing, timely remediation of control weaknesses, mandatory notification of material incidents to APRA within 72 hours.
Who must comply: Banks, insurers, superannuation funds regulated by APRA. ~500 entities.
Penalties: APRA can impose capital requirements, license conditions, or license cancellation for non-compliance. Personal liability for board and senior management.
Why it matters: CPS 234's control testing requirement creates demand for continuous verification — exactly what the gate stack and evaluation harness provide. First-mover advantage: CPS 234 is mature (2019) but enforcement is escalating. No vendor provides a deterministic control-testing pipeline.