    OT CYBERSECURITY SOLUTIONS to Support Compliance

    Take a Holistic Approach to Cybersecurity Compliance

    Navigating the Complex Landscape of Cybersecurity Regulations and Standards for OT Environments

    As cyber threats evolve, so do the regulatory frameworks designed to help protect critical infrastructure, sensitive data and organizational integrity. Compliance with these regulations is crucial for maintaining stakeholder trust, avoiding penalties and safeguarding your operations. Our experts can help you understand how these regulations may impact your organization, so that you can both strengthen your cybersecurity posture and maintain compliance.

    Name: International Society of Automation / International Electrotechnical Commission 62443
    Acronym: ISA/IEC 62443
    Affected Regions: Global
    Impacted Industries:
    • Industrial Automation and Control Systems (IACS) including energy, manufacturing, transportation, water, and more
    Description: Provides a comprehensive framework for securing industrial automation and control systems (IACS). The standards address cybersecurity throughout the entire lifecycle of IACS including risk assessment, secure design, implementation, operation and maintenance. It aims to protect critical infrastructure from cyber threats and improve the resilience and safety of industrial processes.

    Name: National Institute of Standards and Technology Cybersecurity Framework
    Acronym: NIST
    Affected Regions: Global
    Impacted Industries:
    • Critical Infrastructure, including Energy, Financial Services, Healthcare, and more
    Description: Provides a policy framework of computer security guidance for private sector organizations on how to assess and improve their ability to prevent, detect and respond to cyber attacks. The voluntary framework uses a common language to address and manage cybersecurity risks in a cost-effective way based on business and organizational needs.

    Name: Kingdom of Saudi Arabia Operational Technology Cybersecurity Controls
    Acronym: KSA OTCC
    Affected Regions: Saudi Arabia
    Impacted Industries:
    • Energy
    • Government
    • Healthcare
    • Manufacturing
    • Oil and Gas
    • Transportation
    • Water
    Description: Aims to protect critical infrastructure by mandating robust cybersecurity measures for OT environments. Regulations include requirements for continuous monitoring, incident response, risk assessment and maintaining a register of critical infrastructure assets. Failure to comply can result in significant fines.

    Name: North American Electric Reliability Corporation Critical Infrastructure Protection
    Acronym: NERC CIP
    Affected Regions: North America
    Impacted Industries:
    • Electric Power industry including Generation, Transmission and Distribution Providers
    • Refineries and chemical plants with substations and/or generation facilities
    Description: Seeks to protect the bulk electric system (BES) in North America. The standards mandate that all BES Cyber Assets (BCAs) have malicious code prevention and risk mitigation plans in place for high, medium and low impact BES Cyber Systems (BCSs). Compliance is mandatory and enforceable under Section 215 of the Federal Power Act with financial penalties for non-compliance.

    Name: Network and Information Systems Directive 2
    Acronym: NIS2
    Affected Regions: European Union
    Impacted Industries:
    • Chemicals
    • Data Centers
    • Energy
    • Healthcare
    • Manufacturing
    • Pharma
    • Transportation
    • Water
    • And more
    Description: Aims to enhance the cybersecurity framework of critical sectors and digital service providers. It mandates that 'essential and important entities' improve their OT cybersecurity posture to protect against cyber threats. Penalties for non-compliance could reach €10M or 2% of an organization’s total revenue.

    Name: Security of Critical Infrastructure Act
    Acronym: SOCI
    Affected Regions: Australia
    Impacted Industries:
    • Commercial Spaces
    • Corrections
    • Data Centers
    • Defense
    • Energy
    • Food
    • Government
    • Healthcare
    • Transportation
    • Sewerage
    • Water
    Description: Intends to protect critical infrastructure assets essential to the functioning of the Australian economy, society and national security. It mandates enhanced obligations for both public and private sector organizations, including IT and OT cybersecurity incident reporting, risk management programs and maintaining a register of critical infrastructure assets. Failure to comply can result in fines or potential imprisonment.

    An Outcome-Based Approach to OT Cybersecurity

    Honeywell can help design and implement an OT cybersecurity program aligned to the NIST CSF outcomes

    Excellence in OT Cybersecurity: Our Memberships and Certifications

    We actively participate in some of the world’s most highly regarded cybersecurity organizations, some of them as a founding member, to advance global cybersecurity efforts.

    • ISA-99 Committee (founding member)
    • ISA Secure (founding member)
    • ISA Global Security Alliance (founding member)
    • DHS ICSJWG Steering Team
    • Public Safety Canada Advisory Team

    Our organization, people, solutions and services have received one or more certifications from the organizations below. This highlights our ability to provide end-to-end solutions and world-class services that keep your people safe and your operations running.

    • ISA Secure
    • Certified Information Security Professional (CISP)
    • CompTIA
    • ISA/IEC 62443 Cybersecurity
    • GIAC
    • ISACA
    • EC-Council Certified Ethical Hacker (CEH)
    • OffSec
    • QuickStart Tellabs Fiber Optic Certified Technician
    • ISO
    • Cyber Essentials
    • Cybervadis
    • Exida

    Key Resources

    • Whitepaper: Navigating the NIS2 Directive: Strengthening Cyber Resilience
    • Case Study: NERC CIP Compliance Equals Better Grid Cybersecurity
    • Brochure: Honeywell Forge Cybersecurity+ for Buildings | Cyber Watch

    Want to improve your organization’s OT cyber resilience?