banner background
Solutions // Frameworks

Securing Australia’s Cybersecurity Future with the SOCI Act

The Security of Critical Infrastructure Act 2018 (SOCI Act) is Australian legislation that outlines the legal obligations for entities owning, operating, or having direct interests in critical infrastructure assets across 11 sectors. The SOCI Act is designed to enhance the protection of these assets from cyber threats. In this context, Armis, the asset intelligence cybersecurity company, offers a robust solution that can strengthen an organization’s cybersecurity posture and align with the requirements of the SOCI Act. Armis Centrix™, powered by the Armis AI-driven Asset Intelligence Engine, provides continuous asset discovery and inventory management capabilities, thereby protecting critical infrastructure from cyber threats and risk exposure in real time.

earth from space with Australia highlighted
SOCI Act Sectors

Key Obligations of the SOCI 2018 Act

The Security of Critical Infrastructure Act 2018 (SOCI Act) imposes several obligations on entities that own, operate, or have a direct interest in critical infrastructure assets. These obligations include:

  • Notification to Data Service Providers: Entities must inform external data service providers when they store or process business-critical data.
  • Registration of Critical Infrastructure Assets: Entities are required to register certain information related to critical infrastructure assets with the Cyber and Infrastructure Security Centre.
  • Implementation of a Risk Management Program: Entities must have and comply with a Risk Management Program for their critical infrastructure assets.
  • Mandatory Cyber Incident Reporting: Entities are required to report cybersecurity incidents that have a significant or relevant impact on their asset.

These measures ensure that the government has the necessary information to manage national security risks and respond appropriately to incidents

Cybersecurity Frameworks for Compliance with the SOCI Act 2018

The Security of Critical Infrastructure Act 2018 (SOCI Act) recognizes several approved cybersecurity frameworks that organizations can adopt to meet their obligations. These include ISO 27001 (Information Security Management), Essential 8, and the Australian Energy Sector Cyber Security Framework (AESCF). Notably, the National Institute of Standards and Technology (NIST) framework is also recognised as a robust and comprehensive guide for managing cybersecurity risks. The framework provides cybersecurity governance best practices for understanding, managing, and expressing cybersecurity risk to internal and external stakeholders. In conjunction with Armis, it can be used to help identify and prioritize actions for reducing cybersecurity risk in your environment. Adopting such frameworks helps organizations align with the SOCI Act’s requirements and enhances their overall cybersecurity posture.

SOCI Act Frameworks
banner gradient background

See, Protect, Manage Each and Every Asset

Leading Australian University Expands Device Awareness and Increases Asset Security

This leading public university in Australia that specializes in technology needed visibility into its vast network of assets to strengthen its security posture and reduce the risk of cyber incidents. Armis gave the university unprecedented visibility into network assets that far surpassed expectations, secured the network, and enhanced faculty communication.

university students studying in a library