Laws and regulations

(CS)² Standards & Regulations Guide

Use the filters below to find the relevant standards or regulations for your query, or clear the filters to browse all items.
Title Sponsor: FM Approvals

Community Resource Committee Members

- Khalid Ansari (https://www.linkedin.com/in/kansari/)
- Katie Pehrson
- Gözde Karaca
- Jackie Kalter
- Eric Eckman
- Monique Clarke

IEC TC 63452 (Rails)

Type: Standard
Status: WIP
Relevant Use: Global

IEC's first international cybersecurity standard for railway systems. It aims to improve the security of railways by integrating safety and security considerations into engineering. IEC 63452 will build on the existing industrial cybersecurity standards IEC 62443 and TS 50701 and will include global references to align with different regulations and operational needs.

NIST 800-52

Type: Guideline
Status: In Force
Relevant Use: USA (with international applicability)

Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations. Although NIST SP 800-52 Rev. 2 is not specifically written for OT and ICS environments, the guidelines for implementing and configuring TLS are relevant to securing communication channels within these environments.

ENISA Guidelines on Cybersecurity for OT and ICS

Type: Guideline
Status: In Force
Relevant Use: EU

Comprehensive guidelines to enhance the cybersecurity posture of Operational Technology (OT) and Industrial Control Systems (ICS). These guidelines are aimed at improving the security and resilience of critical infrastructure and industrial processes.

GDPR

Type: Regulation
Status: In Force
Relevant Use: EU

Although it focuses on data protection, GDPR applies to OT and ICS where personal data is processed and applies to all organizations, regardless of their location, that process personal data of individuals residing in the EU and EEA.

EU Cyber Resilience Act

Type: Act (Regulation)
Status: Currently in force
Relevant Use: EU

Regulation establishing cybersecurity requirements for products with digital elements, ensuring they are secure throughout their lifecycle, with a focus on OT and ICS environments.

Singapore Cybersecurity Labelling Scheme

Type: Certification Scheme
Status: Currently in force
Relevant Use: Singapore

This may not be relevant to CS2AI members, as it targets consumer products.

SEMI E187-0122

Type: Standard
Status:
Relevant Use: Global

NIST 800-82

Type: Guideline
Status: In Force
Relevant Use: USA (with international applicability)

Provides guidance on securing ICS by addressing unique performance, reliability, and safety requirements. Covers risk management, security architecture, access control, incident response, and system integrity. Overviews OT and common system topologies, identifies typical threats and vulnerabilities, and recommends security countermeasures to mitigate associated risks.

NIS 2 Directive

Type: Directive
Status: In Force
Relevant Use: EU

The NIS 2 Directive is a legislative framework aimed at strengthening cybersecurity resilience across critical sectors and essential services in the EU and EEA. While not exclusively targeting OT/ICS cybersecurity, its provisions are relevant to these systems due to their critical role in essential services. NIS 2 mandates stricter security measures, incident reporting obligations, and cooperation mechanisms, indirectly benefiting OT/ICS cybersecurity by promoting a higher level of protection for network and information systems, including those used in industrial control systems.

ISO/IEC 27019

Type: International Standard
Status: In Force
Relevant Use: Global

ISO/IEC 27019:2017 provides guidelines for applying the controls in ISO/IEC 27002 to process control systems used by energy utilities in the energy industry. This includes electricity generation, transmission, distribution, and supply, as well as oil and gas production. The standard focuses on ensuring information security in these critical infrastructures, with special attention to the unique requirements and risks associated with process control systems.

ISO/IEC 27001

Type: Standard
Status: In Force
Relevant Use: Global

While primarily focused on information security management systems (ISMS) for IT environments, ISO/IEC 27001 can also be applied to OT environments to establish a systematic approach to managing cybersecurity risks.

UNECE R155

Type: Regulation
Status: Currently in force
Relevant Use: EU, Asia

The UNECE R155 standard, officially known as UN Regulation No. 155, focuses on cybersecurity and cybersecurity management systems for vehicles. It requires automotive manufacturers to have a cybersecurity management system (CSMS). Main points of the CSMS are to manage the risks to the vehicle, by performing a threat analysis, mitigating the vulnerabilities, and managing third-party suppliers' risk as well.

ASME-A17.1-2022

Type: Code
Status: State and province-based adoption
Relevant Use: USA, Canada

The ASME A17.1 / CSA B44, Safety Code for Elevators and Escalators, is the de facto code and guide throughout North America for the design, construction, installation, operation, inspection, testing, maintenance, alteration, and repair of elevators, escalators and related conveyances. The 2022 revision is one of its most significant updates and introduces several major changes including the addition of cybersecurity requirements.

Have expertise in an existing or developing standard or regulation? Volunteer to develop this further!
