Australia's Security of Critical Infrastructure (SOCI) Act and the CIRMP Rules require responsible entities to manage cyber and other hazards, report incidents to the ACSC on a two-speed clock, and submit a board-approved annual CIRMP report. CyberICS delivers 300+ ready-to-run OT scenarios with AI-generated After Action Reports that produce AESCSF-mappable cyber-hazard evidence — and drill the 12-hour and 72-hour reporting duties before they are ever real.
The SOCI Act and CIRMP Rules apply to responsible entities for critical infrastructure assets across the regulated sectors. Exercise evidence underpins the cyber-hazard sections of the board-approved annual CIRMP report.
Operators of critical electricity, water, gas, ports, and other in-scope assets must maintain a CIRMP addressing cyber, supply-chain, personnel, and physical hazards — with the cyber-hazard section evidenced by exercises.
The board must approve the annual CIRMP report each Australian financial year. Executives and board delegates must rehearse attesting with an incident open — testing governance honesty and evidence quality.
Security, legal, and risk teams must exercise the two-speed ACSC reporting duty, Part 3A government-assistance mechanics, and map findings to AESCSF practice areas as CIRMP evidence.
The CIRMP hazard-management, ACSC reporting, and government-assistance obligations are the ones most directly addressed by tabletop exercises. The board-approved annual report and the response-exercise practice clock are tracked live.
| Standard | Title | Key Requirement Addressed | CyberICS Capability | Relevance |
|---|---|---|---|---|
| CIRMP Report | Annual CIRMP Report (Board-Approved) | Submit a board-approved CIRMP annual report each Australian financial year, with cyber-hazard evidence. | A formal annual exercise plus capstone board-attestation drill; AARs and readiness trend packaged as the cyber-hazard evidence appendix. | Direct |
| s30BC/BD | ACSC Incident Reporting (12h / 72h) | Report critical-impact incidents to the ACSC within 12 hours, and other relevant incidents within 72 hours. | Scenarios drill impact classification and the two-speed clock; in-exercise reporting timestamps captured in the compliance log. | Direct |
| CIRMP Cyber | Cyber & Information-Security Hazard | Identify and mitigate cyber hazards to the critical asset; exercise the response. | A formal, evaluated response exercise on a grid-control scenario with AESCSF-mapped findings for the report. | Direct |
| SOCI Part 3A | Government Assistance (Step-In) Powers | Be prepared for information-gathering directions, action directions, and intervention requests during a serious incident. | The step-in scenario rehearses receiving a direction, decision rights, legal posture, and cooperation mechanics before they are ever real. | Scenario |
| CIRMP Supply | Supply-Chain & Personnel Hazards | Manage supply-chain and personnel hazard vectors — managed-provider compromise and trusted-insider misuse. | Scenarios exercise third-party access revocation and the security/HR/legal insider sequence, captured as hazard-management evidence. | Scenario |
| AESCSF | AESCSF Practice-Area Maturity | Demonstrate maturity across AESCSF practice areas as supporting evidence. | Framework-tagged decision logs and the remediation tracker with verified closures map findings to AESCSF practice areas. | Supporting |
Three platform capabilities work together to produce board-approved cyber-hazard evidence and drill the ACSC reporting duties.
Live Session mode provides a structured, real-time exercise environment. Participants join by code, respond to scenario steps, and all activity is timestamped — creating an auditable exercise record.
CyberICS's AI engine generates a structured AAR immediately after each exercise — documenting gaps identified, recommended corrective actions, and framework alignment.
The Compliance Dashboard generates per-framework evidence packages — a multi-page audit PDF covering exercise log, controls mapping, gap analysis, remediation timeline, and formal attestation page.
Six high-fidelity scenarios are immediately available, sequenced from foundational to advanced. Each exercises CIRMP hazard vectors and ACSC reporting across your OT, security, legal, and board teams.
Ransomware disrupts a critical electricity asset at evening peak. Tests classifying "significant impact" (12-hour clock) versus otherwise-notifiable (72 hours), the ACSC report, and parallel AEMO/market notifications.
Your OT managed-services provider reports a breach; their engineers hold standing SCADA access. Tests safe third-party access re-establishment, materiality assessment, and CIRMP supply-chain hazard evidence.
A severe intrusion outpaces your response and the Minister's delegate signals possible Part 3A measures. Tests receiving an information-gathering direction, decision rights, and cooperation mechanics.
A planned, evaluated exercise on a grid-control scenario — activation, isolation authorities, ACSC engagement, recovery. Findings map to AESCSF and package as this year's cyber-hazard evidence.
A control-room engineer under investigation retains critical-asset access; overnight logs show unauthorized config exports. Tests containing access without tipping off, and the security/HR/legal sequence.
Weeks before the annual report, a moderate incident exposes a hazard-control marked effective. Tests how the report treats the open incident and what the attestation can honestly say.
Plus 59 additional scenarios across Energy, Water, Ports, Manufacturing, Healthcare, and more. Browse the full library →
Every CyberICS exercise automatically generates four categories of evidence that map directly to CIRMP and ACSC reporting documentation.
AI-generated structured PDF with gap analysis, corrective actions, and framework references. Ready within minutes of exercise completion.
Multi-page per-framework audit PDF: exercise log, controls mapping, gap analysis, remediation timeline, and signed attestation page.
Timestamped record of all participant responses, host actions, and step progression. Demonstrates real exercise activity to auditors.
Gaps identified in the exercise are automatically pushed to ServiceNow or Jira as remediation tickets — creating a documented corrective action trail.
CyberICS exercise evidence maps to multiple frameworks simultaneously. One exercise program — complete regulatory coverage.
Start free with a 14-day trial — no credit card required. Or talk to our Australia team about CIRMP exercise programs feeding your board-approved annual report.
Also explore: ISO 27001 Toolkit · IEC 62443 Toolkit · NIST SP 800-82 Toolkit