top of page
Laws and regulations

(CS)² Standards & Regulations Guide

Use the format below to find the relevant standards or regulations based on your query, or you can clear filters to browse all items.

I'm looking for a: 

Title Sponsor

FM_Approvals_Logo_Horiz_Primary_pos_rgb.png

Supporting Sponsors

[ AVAILABLE ]

Community Resource Committee Members

Khalid Ansari.jpeg

Khalid Ansari

https://www.linkedin.com/in/kansari/
Saffira M_edited.jpg

Saffira M. den Graafsburg

linkedin icon.png
Katie Pehrson.jpeg

Katie Pehrson

linkedin icon.png
George Davis IV.jpeg

George Davis IV

linkedin icon.png
Jackie Issa.jpeg

Jackie Issa

linkedin icon.png
Reza Fatahi_edited.jpg

Reza Fatahi

linkedin icon.png
Monique Clarke_edited.jpg

Monique Clarke

linkedin icon.png

Resource Supporting Sponsors

Founding Committee Resource Sponsors

used in: 

that applies to: 

ISA/IEC-62443

Standard

Type:
published 2020
Status:
Relevant Use:

Global

The ISA/IEC 62443 series of standards define requirements and procedures for implementing electronically secure automation and industrial control systems and security practices and assessing electronic security performance. ISA/IEC 62433 provides a common set of requirements that enables product suppliers to deliver reliable, secure, and interoperable devices and systems

API-1164

Standard

Type:
Published
Status:
Relevant Use:

USA

Provides requirements and guidelines for managaing cyber risks tailored for the oil and natural gas pipeline industry. The standard includes requirements that should be customized prior to implementation . The standard applies to SCADA, local control, and IOT solutions. It is not intended to be used for safety instrumented systems.

NERC CIP

Standard, Regulation

Type:
Currently in force
Status:
Relevant Use:

USA, Canada, Mexico

Mandatory Bulk Electric System (BES) cybersecurity regulations that apply to utility companies connected to the North American power grid.

IEC TC 63452 (Rails)

Standard

Type:
WIP
Status:
Relevant Use:

Global

International standard for railway cybersecurity. A framework/unification of cybersecurity management in railway systems, tailored to the sector's specific operational enviornment. IEC 63452 will build on the existing industrial cybersecurity standards, such as IEC 62443 and the TS 50701

NIST 800-52

Guideline

Type:
In Force
Status:
Relevant Use:

USA

Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations. Although NIST SP 800-52 Rev. 2 is not specifically written for OT and ICS environments, the guidelines for implementing and configuring TLS are relevant to securing communication channels within these environments.

ENISA Guidelines on Cybersecurity for OT and ICS

Guideline

Type:
In Force
Status:
Relevant Use:

EU

Comprehensive guidelines to enhance the cybersecurity posture of Operational Technology (OT) and Industrial Control Systems (ICS). These guidelines are aimed at improving the security and resilience of critical infrastructure and industrial processes.

ETSI EN 303-645

Standard

Type:
in force
Status:
Relevant Use:

Europe

ETSI 303 645 is the first global cybersecurity standard for consumer IoT products, creating a cybersecurity baseline for manufacturers which can help ensure cybersecurity is incorporated into IoT products from their design.

NFPA 72

Code

Type:
Published
Status:
Relevant Use:

USA

Standard developed by the National Fire Protection Association (NFPA) that outlines requirements for the installation, testing, and maintenance of fire alarm systems and emergency communication systems.

TS SD 1580/82 -2022-01A

Directive

Type:
Status:
Relevant Use:

USA

TSA designated freight and passenger railroads notified by TSA based on risk determination must establish and implement a TSA-approved Cyber Implementation Plan (CIP) that describes specific measures employed and the schedule for achieving the following outcomes as more fully described in Section III.A through III.E Develop a Cyber Assessment Plan (CAP) for proactively assessing and auditing cybersecurity measures. The Cybersecurity Assessment Plan required by section III.F.1

NIST 800-82

Guideline

Type:
In Force
Status:
Relevant Use:

USA

Provides guidance on securing ICS by addressing unique performance, reliability, and safety requirements. Covers risk management, security architecture, access control, incident response, and system integrity. Overviews OT and common system topologies, identifies typical threats and vulnerabilities, and recommends security countermeasures to mitigate associated risks.

NIS 2 Directive

Directive

Type:
In Force
Status:
Relevant Use:

EU

The NIS 2 Directive is a legislative framework aimed at strengthening cybersecurity resilience across critical sectors and essential services in the EU and EEA. While not exclusively targeting OT/ICS cybersecurity, its provisions are relevant to these systems due to their critical role in essential services. NIS 2 mandates stricter security measures, incident reporting obligations, and cooperation mechanisms, indirectly benefiting OT/ICS cybersecurity by promoting a higher level of protection for network and information systems, including those used in industrial control systems.

ISO/IEC 27019

International Standard

Type:
In Force
Status:
Relevant Use:

Global

ISO/IEC 27019:2017 provides guidelines for applying the controls in ISO/IEC 27002 to process control systems used by energy utilities in the energy industry. This includes electricity generation, transmission, distribution, and supply, as well as oil and gas production. The standard focuses on ensuring information security in these critical infrastructures, with special attention to the unique requirements and risks associated with process control systems.

Load More

Have expertise in an existing or developing standard or regulation? Volunteer to develop this further!

bottom of page