This Standard specifies the requirements for rail transport operators (RTOs) for managing cyber security risk on the Australian railway network. It has been developed to assist RTOs to establish and maintain a good practice approach to industrial automation and control systems (IACS) and information technology (IT) that is used within their organisations to operate rail systems and protect them from deliberate cyber-attack. This Standard includes the requirements for implementing an effective cyber security management system for rail systems. In this Standard, rail cyber security is the preservation of the reliability, availability, maintainability and safety (RAMS) of rail control systems and the confidentiality, integrity and availability of data in ancillary systems and the privacy of customer information. The focus is on cyber threats that can lead to a reduction of reliability, availability, maintainability and safety of railway operations.