Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/tomwechsler/active-cyber-program

Active Cyber Program (ACP) is an open framework for assessing and certifying whether an organization operates an active and effective cybersecurity program.
https://github.com/tomwechsler/active-cyber-program

cisa cism cissp cybersecurity iso27001 it-security nist-csf

Last synced: 28 days ago
JSON representation

Active Cyber Program (ACP) is an open framework for assessing and certifying whether an organization operates an active and effective cybersecurity program.

Awesome Lists containing this project

README 

          
# Active Cyber Program (ACP)



![Framework Version](https://img.shields.io/badge/framework-ACP%201.0-blue)

![Status](https://img.shields.io/badge/status-active-green)

![Certification](https://img.shields.io/badge/certification-ACP-blue)

![Region](https://img.shields.io/badge/region-DACH-lightgrey)

![Maintainer](https://img.shields.io/badge/maintainer-Wechsler%20Information%20Solution-darkblue)



![ACP Logo](assets/acp-logo.png)



# About the Active Cyber Program (ACP)



**Active Cyber Program (ACP)** is a cybersecurity assessment and certification framework designed to evaluate whether an organization operates an **active and effective cybersecurity program**.



The ACP framework focuses on verifying that cybersecurity is **not only implemented but actively managed** across governance, operational processes, and technical infrastructure.



The framework provides organizations with a structured method to evaluate, improve, and demonstrate their cybersecurity capabilities.



---



# ACP Framework Overview





  ACP Framework Diagram




---



# Framework Version



Current framework version:



**ACP Framework Version 1.0**



See the following files for version information:



* `VERSION`

* `CHANGELOG.md`



---



# Purpose of the Framework



Many organizations deploy security technologies but lack a **structured and actively managed cybersecurity program**.



The **Active Cyber Program (ACP)** helps organizations:



* establish structured cybersecurity governance

* manage cyber risks effectively

* implement operational security processes

* strengthen technical protection mechanisms

* continuously improve cybersecurity maturity



The framework provides a **practical and scalable approach** suitable for organizations of different sizes and industries.



---



# ACP Certification



Organizations that successfully meet the ACP requirements may receive the:



**Active Cyber Program (ACP) Certification**



The certification confirms that the organization operates a **structured and actively managed cybersecurity program**.



Certified organizations may use the **ACP Trust Label** to demonstrate cybersecurity commitment to customers and partners.



---



# Certification Authority



The **ACP Certification** may only be issued by:



**Wechsler Information Solution**



The ACP framework is published to promote transparency and improve cybersecurity practices.



Organizations may use the framework for:



* internal cybersecurity assessments

* cybersecurity improvement initiatives

* educational purposes



However, organizations or individuals may **not issue ACP certifications** or represent themselves as an official ACP certification authority.



Only assessments performed under the authority of **Wechsler Information Solution** may result in official **Active Cyber Program Certification**.



See:

`docs/governance.md`



[Governance](./docs/governance.md)



---



# Self Assessment



Organizations can apply the **Active Cyber Program (ACP)** independently to evaluate their cybersecurity posture. Getting started with ACP is simple.



The self-assessment guide explains step by step how to:



• define the assessment scope  

• evaluate cybersecurity controls  

• collect evidence  

• calculate scores  

• identify improvement areas  



See:

`docs/self-assessment-guide.md`



[Self Assessment Guide](./docs/self-assessment-guide.md)



---



# ACP Framework Components



The ACP framework consists of several core components.



## ACP Principles



The ACP principles describe the philosophy behind the framework and emphasize active cybersecurity management.



`framework/acp-principles.md`



[ACP Principles](./framework/acp-principles.md)



---



## Control Domains



The framework defines ten cybersecurity control domains covering governance, operational processes and technical security controls.



`framework/control-domains.md`



[Control Domains](./framework/control-domains.md)



---



## Maturity Model



The ACP maturity model evaluates how effectively cybersecurity practices are implemented.



`framework/maturity-levels.md`



[Maturity Model](./framework/maturity-levels.md)



---



# Assessment Methodology



The ACP framework includes a structured assessment methodology to evaluate cybersecurity programs.



Assessment process:



`docs/assessment-process.md`



[Assessment Process](./docs/assessment-process.md)



Assessment tools:



* `assessment/assessment-checklist.md` [Assessment Checklist](./assessment/assessment-checklist.md)

* `assessment/evidence-requirements.md` [Evidence Requirements](./assessment/evidence-requirements.md)

* `assessment/scoring-model.md` [Scoring Model](./assessment/scoring-model.md)



---



# Certification Program



The ACP certification program defines how organizations are evaluated and certified.



Certification rules:



`docs/certification.md`



[Certification Program](./docs/certification.md)



Trust label usage:



`docs/trust-label.md`



[Trust Label](./docs/trust-label.md)



---



# Governance



The ACP framework is maintained and governed by **Wechsler Information Solution**.



Governance documentation:



`docs/governance.md`



[Governance](./docs/governance.md)



---



# Target Organizations



The ACP framework is designed for organizations of all sizes, including:



* small and medium-sized enterprises (SMEs)

* technology companies

* service providers

* public sector organizations

* suppliers in security-sensitive industries



The framework is designed to be **practical, scalable, and applicable across industries**.



---



# Repository Structure



```

active-cyber-program/



README.md

VERSION

CHANGELOG.md



docs/

   overview.md

   assessment-process.md

   certification.md

   trust-label.md

   governance.md

   author.md



framework/

   acp-principles.md

   control-domains.md

   maturity-levels.md



assessment/

   assessment-checklist.md

   evidence-requirements.md

   scoring-model.md



templates/

   assessment-report-template.md

   certification-template.md

   improvement-plan-template.md



assets/

   acp-logo.png

   acp-trust-label.png

```



---



# Maintained By



**Wechsler Information Solution, Tom Wechsler, Switzerland**



Germany • Switzerland • Austria



Framework author: Tom Wechsler  



See: `docs/author.md`



[Author](./docs/author.md)



## About the ACP Initiative



The Active Cyber Program (ACP) was created to provide a practical and transparent way to evaluate whether organizations operate an **active cybersecurity program**.



---



# Continuous Development



Cybersecurity evolves continuously.



The ACP framework will therefore evolve based on:



* emerging cyber threats

* assessment experience

* improvements in security practices

* feedback from organizations



New framework versions may be published periodically.



---



# License



The ACP framework documentation is published to promote transparency and improve cybersecurity practices.



Use of the framework for internal assessments and cybersecurity improvement initiatives is permitted.



ACP Certification and the ACP Trust Label remain governed by the ACP certification program.