The document discusses the new mandatory Prudential Standard CPS-234 issued by APRA that came into effect on July 1, 2019 and specifies new cybersecurity requirements for APRA-regulated entities. It notes that a cybersecurity consulting firm reviewed CPS-234 against other industry standards and found that it lacked some critical information security controls. The document recommends that organizations develop a comprehensive information security management plan beyond what is outlined in CPS-234 alone to adequately protect themselves from security incidents. It advertises a list of 24 questions and implementation guidelines available from the consulting firm to help organizations assess and achieve compliance with CPS-234.