Active Cyber Program (ACP) is a cybersecurity assessment and certification framework designed to evaluate whether an organization operates an active and effective cybersecurity program.
The ACP framework focuses on verifying that cybersecurity is not only implemented but actively managed across governance, operational processes, and technical infrastructure.
The framework provides organizations with a structured method to evaluate, improve, and demonstrate their cybersecurity capabilities.
Current framework version:
ACP Framework Version 1.0
See the following files for version information:
VERSIONCHANGELOG.md
Many organizations deploy security technologies but lack a structured and actively managed cybersecurity program.
The Active Cyber Program (ACP) helps organizations:
- establish structured cybersecurity governance
- manage cyber risks effectively
- implement operational security processes
- strengthen technical protection mechanisms
- continuously improve cybersecurity maturity
The framework provides a practical and scalable approach suitable for organizations of different sizes and industries.
Organizations that successfully meet the ACP requirements may receive the:
Active Cyber Program (ACP) Certification
The certification confirms that the organization operates a structured and actively managed cybersecurity program.
Certified organizations may use the ACP Trust Label to demonstrate cybersecurity commitment to customers and partners.
The ACP Certification may only be issued by:
Wechsler Information Solution
The ACP framework is published to promote transparency and improve cybersecurity practices.
Organizations may use the framework for:
- internal cybersecurity assessments
- cybersecurity improvement initiatives
- educational purposes
However, organizations or individuals may not issue ACP certifications or represent themselves as an official ACP certification authority.
Only assessments performed under the authority of Wechsler Information Solution may result in official Active Cyber Program Certification.
See:
docs/governance.md
Organizations can apply the Active Cyber Program (ACP) independently to evaluate their cybersecurity posture. Getting started with ACP is simple.
The self-assessment guide explains step by step how to:
• define the assessment scope
• evaluate cybersecurity controls
• collect evidence
• calculate scores
• identify improvement areas
See:
docs/self-assessment-guide.md
The ACP framework consists of several core components.
The ACP principles describe the philosophy behind the framework and emphasize active cybersecurity management.
framework/acp-principles.md
The framework defines ten cybersecurity control domains covering governance, operational processes and technical security controls.
framework/control-domains.md
The ACP maturity model evaluates how effectively cybersecurity practices are implemented.
framework/maturity-levels.md
The ACP framework includes a structured assessment methodology to evaluate cybersecurity programs.
Assessment process:
docs/assessment-process.md
Assessment tools:
assessment/assessment-checklist.mdAssessment Checklistassessment/evidence-requirements.mdEvidence Requirementsassessment/scoring-model.mdScoring Model
The ACP certification program defines how organizations are evaluated and certified.
Certification rules:
docs/certification.md
Trust label usage:
docs/trust-label.md
The ACP framework is maintained and governed by Wechsler Information Solution.
Governance documentation:
docs/governance.md
The ACP framework is designed for organizations of all sizes, including:
- small and medium-sized enterprises (SMEs)
- technology companies
- service providers
- public sector organizations
- suppliers in security-sensitive industries
The framework is designed to be practical, scalable, and applicable across industries.
active-cyber-program/
README.md
VERSION
CHANGELOG.md
docs/
overview.md
assessment-process.md
certification.md
trust-label.md
governance.md
author.md
framework/
acp-principles.md
control-domains.md
maturity-levels.md
assessment/
assessment-checklist.md
evidence-requirements.md
scoring-model.md
templates/
assessment-report-template.md
certification-template.md
improvement-plan-template.md
assets/
acp-logo.png
acp-trust-label.png
Wechsler Information Solution, Tom Wechsler, Switzerland
Germany • Switzerland • Austria
Framework author: Tom Wechsler
See: docs/author.md
The Active Cyber Program (ACP) was created to provide a practical and transparent way to evaluate whether organizations operate an active cybersecurity program.
Cybersecurity evolves continuously.
The ACP framework will therefore evolve based on:
- emerging cyber threats
- assessment experience
- improvements in security practices
- feedback from organizations
New framework versions may be published periodically.
The ACP framework documentation is published to promote transparency and improve cybersecurity practices.
Use of the framework for internal assessments and cybersecurity improvement initiatives is permitted.
ACP Certification and the ACP Trust Label remain governed by the ACP certification program.