28 lines
1.1 KiB
Org Mode
28 lines
1.1 KiB
Org Mode
:PROPERTIES:
|
|
:ID: auto-apra-cps-234
|
|
:CREATED: [2026-05-23 Sat]
|
|
:END:
|
|
#+title: APRA CPS 234 (Prudential Standard — Information Security)
|
|
#+filetags: :passepartout:compliance:framework:apra:
|
|
|
|
** APRA CPS 234 (Prudential Standard — Information Security)
|
|
|
|
Australian Prudential Regulation Authority standard for regulated financial
|
|
institutions. Requires: clearly defined information security roles and
|
|
responsibilities, periodic cybersecurity capability assessments, robust control
|
|
testing, timely remediation of control weaknesses, mandatory notification of
|
|
material incidents to APRA within 72 hours.
|
|
|
|
Who must comply: Banks, insurers, superannuation funds regulated by APRA.
|
|
~500 entities.
|
|
|
|
Penalties: APRA can impose capital requirements, license conditions, or
|
|
license cancellation for non-compliance. Personal liability for board and
|
|
senior management.
|
|
|
|
Why it matters: CPS 234's control testing requirement creates demand for
|
|
continuous verification — exactly what the gate stack and evaluation harness
|
|
provide. First-mover advantage: CPS 234 is mature (2019) but enforcement is
|
|
escalating. No vendor provides a deterministic control-testing pipeline.
|
|
|