Canonical FrameworkCompliance & Audit

APRA CPS 234

APRA CPS 234 control-mapping starter for Australian regulated financial entities. It references security capability, asset classification, testing, incident, third-party, and risk-management expectations, with configurable gateway controls or evidence fields where applicable.

This template is a configurable starting point and control mapping. It is not certification, legal advice, or a guarantee of compliance; validate it against your obligations and environment before use.

Regions

AU

References

3 references

Mapped Control Domains

7 mapped domains

Deployment

Regulated SaaS, Sovereign Region, Financial (Cache Disabled)

Referenced Frameworks, Standards & Obligations

APRA Prudential Standard CPS 234 (Information Security)APRA CPG 234 (Guidance)APRA CPS 220 (Risk Management)

Mapped Control Domains

Access Control
Incident Response
Vulnerability Management
Third Party Oversight
Audit Logging
Risk Management
Testing

Deployment profiles

Regulated SaaS
Sovereign Region
Financial (Cache Disabled)

Get started in 3 steps

1

Open the template

Open the catalog entry in the Keeptrusts console and review its included controls, references, and deployment metadata.

2

Adapt the configuration

Use the template as a starting point, then adjust relevant policies, thresholds, routing, and review settings for your requirements.

3

Validate before rollout

Test every outcome you configure—such as allow, redact, block, or operator review—before deploying through a supported gateway workflow.