{"id":50301965,"url":"https://github.com/tomwechsler/active-cyber-program","last_synced_at":"2026-05-28T13:09:01.304Z","repository":{"id":342748466,"uuid":"1174148949","full_name":"tomwechsler/active-cyber-program","owner":"tomwechsler","description":"Active Cyber Program (ACP) is an open framework for assessing and certifying whether an organization operates an active and effective cybersecurity program.","archived":false,"fork":false,"pushed_at":"2026-05-18T04:55:13.000Z","size":11315,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-18T06:49:50.158Z","etag":null,"topics":["cisa","cism","cissp","cybersecurity","iso27001","it-security","nist-csf"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tomwechsler.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":"docs/governance.md","roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-06T05:48:58.000Z","updated_at":"2026-05-18T04:55:16.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/tomwechsler/active-cyber-program","commit_stats":null,"previous_names":["tomwechsler/active-cyber-program"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/tomwechsler/active-cyber-program","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomwechsler%2Factive-cyber-program","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomwechsler%2Factive-cyber-program/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomwechsler%2Factive-cyber-program/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomwechsler%2Factive-cyber-program/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tomwechsler","download_url":"https://codeload.github.com/tomwechsler/active-cyber-program/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomwechsler%2Factive-cyber-program/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33609472,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-28T02:00:06.440Z","response_time":99,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cisa","cism","cissp","cybersecurity","iso27001","it-security","nist-csf"],"created_at":"2026-05-28T13:09:01.237Z","updated_at":"2026-05-28T13:09:01.288Z","avatar_url":"https://github.com/tomwechsler.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Active Cyber Program (ACP)\n\n![Framework Version](https://img.shields.io/badge/framework-ACP%201.0-blue)\n![Status](https://img.shields.io/badge/status-active-green)\n![Certification](https://img.shields.io/badge/certification-ACP-blue)\n![Region](https://img.shields.io/badge/region-DACH-lightgrey)\n![Maintainer](https://img.shields.io/badge/maintainer-Wechsler%20Information%20Solution-darkblue)\n\n![ACP Logo](assets/acp-logo.png)\n\n# About the Active Cyber Program (ACP)\n\n**Active Cyber Program (ACP)** is a cybersecurity assessment and certification framework designed to evaluate whether an organization operates an **active and effective cybersecurity program**.\n\nThe ACP framework focuses on verifying that cybersecurity is **not only implemented but actively managed** across governance, operational processes, and technical infrastructure.\n\nThe framework provides organizations with a structured method to evaluate, improve, and demonstrate their cybersecurity capabilities.\n\n---\n\n# ACP Framework Overview\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"assets/acp-framework-diagram.png\" alt=\"ACP Framework Diagram\" width=\"500\"\u003e\n\u003c/p\u003e\n\n---\n\n# Framework Version\n\nCurrent framework version:\n\n**ACP Framework Version 1.0**\n\nSee the following files for version information:\n\n* `VERSION`\n* `CHANGELOG.md`\n\n---\n\n# Purpose of the Framework\n\nMany organizations deploy security technologies but lack a **structured and actively managed cybersecurity program**.\n\nThe **Active Cyber Program (ACP)** helps organizations:\n\n* establish structured cybersecurity governance\n* manage cyber risks effectively\n* implement operational security processes\n* strengthen technical protection mechanisms\n* continuously improve cybersecurity maturity\n\nThe framework provides a **practical and scalable approach** suitable for organizations of different sizes and industries.\n\n---\n\n# ACP Certification\n\nOrganizations that successfully meet the ACP requirements may receive the:\n\n**Active Cyber Program (ACP) Certification**\n\nThe certification confirms that the organization operates a **structured and actively managed cybersecurity program**.\n\nCertified organizations may use the **ACP Trust Label** to demonstrate cybersecurity commitment to customers and partners.\n\n---\n\n# Certification Authority\n\nThe **ACP Certification** may only be issued by:\n\n**Wechsler Information Solution**\n\nThe ACP framework is published to promote transparency and improve cybersecurity practices.\n\nOrganizations may use the framework for:\n\n* internal cybersecurity assessments\n* cybersecurity improvement initiatives\n* educational purposes\n\nHowever, organizations or individuals may **not issue ACP certifications** or represent themselves as an official ACP certification authority.\n\nOnly assessments performed under the authority of **Wechsler Information Solution** may result in official **Active Cyber Program Certification**.\n\nSee:\n`docs/governance.md`\n\n[Governance](./docs/governance.md)\n\n---\n\n# Self Assessment\n\nOrganizations can apply the **Active Cyber Program (ACP)** independently to evaluate their cybersecurity posture. Getting started with ACP is simple.\n\nThe self-assessment guide explains step by step how to:\n\n• define the assessment scope  \n• evaluate cybersecurity controls  \n• collect evidence  \n• calculate scores  \n• identify improvement areas  \n\nSee:\n`docs/self-assessment-guide.md`\n\n[Self Assessment Guide](./docs/self-assessment-guide.md)\n\n---\n\n# ACP Framework Components\n\nThe ACP framework consists of several core components.\n\n## ACP Principles\n\nThe ACP principles describe the philosophy behind the framework and emphasize active cybersecurity management.\n\n`framework/acp-principles.md`\n\n[ACP Principles](./framework/acp-principles.md)\n\n---\n\n## Control Domains\n\nThe framework defines ten cybersecurity control domains covering governance, operational processes and technical security controls.\n\n`framework/control-domains.md`\n\n[Control Domains](./framework/control-domains.md)\n\n---\n\n## Maturity Model\n\nThe ACP maturity model evaluates how effectively cybersecurity practices are implemented.\n\n`framework/maturity-levels.md`\n\n[Maturity Model](./framework/maturity-levels.md)\n\n---\n\n# Assessment Methodology\n\nThe ACP framework includes a structured assessment methodology to evaluate cybersecurity programs.\n\nAssessment process:\n\n`docs/assessment-process.md`\n\n[Assessment Process](./docs/assessment-process.md)\n\nAssessment tools:\n\n* `assessment/assessment-checklist.md` [Assessment Checklist](./assessment/assessment-checklist.md)\n* `assessment/evidence-requirements.md` [Evidence Requirements](./assessment/evidence-requirements.md)\n* `assessment/scoring-model.md` [Scoring Model](./assessment/scoring-model.md)\n\n---\n\n# Certification Program\n\nThe ACP certification program defines how organizations are evaluated and certified.\n\nCertification rules:\n\n`docs/certification.md`\n\n[Certification Program](./docs/certification.md)\n\nTrust label usage:\n\n`docs/trust-label.md`\n\n[Trust Label](./docs/trust-label.md)\n\n---\n\n# Governance\n\nThe ACP framework is maintained and governed by **Wechsler Information Solution**.\n\nGovernance documentation:\n\n`docs/governance.md`\n\n[Governance](./docs/governance.md)\n\n---\n\n# Target Organizations\n\nThe ACP framework is designed for organizations of all sizes, including:\n\n* small and medium-sized enterprises (SMEs)\n* technology companies\n* service providers\n* public sector organizations\n* suppliers in security-sensitive industries\n\nThe framework is designed to be **practical, scalable, and applicable across industries**.\n\n---\n\n# Repository Structure\n\n```\nactive-cyber-program/\n\nREADME.md\nVERSION\nCHANGELOG.md\n\ndocs/\n   overview.md\n   assessment-process.md\n   certification.md\n   trust-label.md\n   governance.md\n   author.md\n\nframework/\n   acp-principles.md\n   control-domains.md\n   maturity-levels.md\n\nassessment/\n   assessment-checklist.md\n   evidence-requirements.md\n   scoring-model.md\n\ntemplates/\n   assessment-report-template.md\n   certification-template.md\n   improvement-plan-template.md\n\nassets/\n   acp-logo.png\n   acp-trust-label.png\n```\n\n---\n\n# Maintained By\n\n**Wechsler Information Solution, Tom Wechsler, Switzerland**\n\nGermany • Switzerland • Austria\n\nFramework author: Tom Wechsler  \n\nSee: `docs/author.md`\n\n[Author](./docs/author.md)\n\n## About the ACP Initiative\n\nThe Active Cyber Program (ACP) was created to provide a practical and transparent way to evaluate whether organizations operate an **active cybersecurity program**.\n\n---\n\n# Continuous Development\n\nCybersecurity evolves continuously.\n\nThe ACP framework will therefore evolve based on:\n\n* emerging cyber threats\n* assessment experience\n* improvements in security practices\n* feedback from organizations\n\nNew framework versions may be published periodically.\n\n---\n\n# License\n\nThe ACP framework documentation is published to promote transparency and improve cybersecurity practices.\n\nUse of the framework for internal assessments and cybersecurity improvement initiatives is permitted.\n\nACP Certification and the ACP Trust Label remain governed by the ACP certification program.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftomwechsler%2Factive-cyber-program","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftomwechsler%2Factive-cyber-program","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftomwechsler%2Factive-cyber-program/lists"}