TheArtOfService
Back to Frameworks

CISA Industrial Control Systems (ICS) Security Guidance

Self-Assess
United States (CISA)
vContinuous (no fixed version)
2 domains
16 controls

CISA, through its Industrial Control Systems Cyber Emergency Response Team (ICS‑CERT), publishes a continuous set of security resources for operational technology. This includes ICS‑CERT Advisories (vulnerability disclosures), Recommended Practices (RP‑1, RP‑2, etc.), Vulnerability Reports, Technical Documents, and Security Alerts, all aimed at improving the security of industrial control and SCADA systems.

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (2)

CISA ICS: Defense-in-Depth Recommended Practice

9 controls
Controls in the CISA ICS: Defense-in-Depth Recommended Practice domain of CISA Industrial Control Systems (ICS) Security Guidance9 controls
CodeTitle
CISA-ICS-DID-21Risk Management for ICS
CISA-ICS-DID-22Asset Inventory and Risk Characterization
CISA-ICS-DID-23Physical Security
CISA-ICS-DID-24ICS Network Architecture
CISA-ICS-DID-25Security Architecture (Perimeter, Firewalls, Diodes, Access)
CISA-ICS-DID-26Host Security (Patch, Field Devices, Virtual Machines)
CISA-ICS-DID-27Security Monitoring (IDS/IPS, Logging, SIEM)
CISA-ICS-DID-28Vendor Management and Supply Chain Security
CISA-ICS-DID-29The Human Element (Awareness and Training)

CISA ICS: Seven Steps to Effectively Defend ICS

7 controls
Controls in the CISA ICS: Seven Steps to Effectively Defend ICS domain of CISA Industrial Control Systems (ICS) Security Guidance7 controls
CodeTitle
CISA-ICS-7S-1Implement Application Allowlisting (Whitelisting)
CISA-ICS-7S-2Ensure Proper Configuration and Patch Management
CISA-ICS-7S-3Reduce Your Attack Surface Area
CISA-ICS-7S-4Build a Defendable Environment
CISA-ICS-7S-5Manage Authentication
CISA-ICS-7S-6Implement Secure Remote Access
CISA-ICS-7S-7Monitor and Respond

Your Compliance Coverage

If you comply with CISA Industrial Control Systems (ICS) Security Guidance, you already cover:

NIST SP 800-53 Rev 5

100%

16 controls mapped

Compare →

NIST Cybersecurity Framework 2.0

100%

16 controls mapped

Compare →

ISO 27002:2022

6%

1 controls mapped

Compare →

+ 1 more: ISO 27001:2022 (6%)

See all 4 mapped frameworks ↓

Maps to 4 other frameworks

16 total controls
NIST SP 800-53 Rev 5
16 source controls mapped|17 target controls covered
100%
NIST Cybersecurity Framework 2.0
16 source controls mapped|12 target controls covered
100%
ISO 27002:2022
1 source controls mapped|2 target controls covered
6%
ISO 27001:2022
1 source controls mapped|2 target controls covered
6%
Compare CISA Industrial Control Systems (ICS) Security Guidance with NIST SP 800-53 Rev 5

Frequently Asked Questions

What is CISA Industrial Control Systems (ICS) Security Guidance?

CISA Industrial Control Systems (ICS) Security Guidance is a compliance framework from United States (CISA) with 2 domains and 16 controls. CISA, through its Industrial Control Systems Cyber Emergency Response Team (ICS‑CERT), publishes a continuous set of security resources for operational technology. This includes ICS‑CERT Advisories (vulnerability disclosures), Recommended Practices (RP‑1, RP‑2, etc.), Vulnerability Reports, Technical Documents, and Security Alerts, all aimed at improving the security of industrial control and SCADA systems. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does CISA Industrial Control Systems (ICS) Security Guidance have?

CISA Industrial Control Systems (ICS) Security Guidance has 16 controls organised across 2 domains. The largest domains are CISA ICS: Defense-in-Depth Recommended Practice (9 controls), CISA ICS: Seven Steps to Effectively Defend ICS (7 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does CISA Industrial Control Systems (ICS) Security Guidance map to?

CISA Industrial Control Systems (ICS) Security Guidance maps to 4 other compliance frameworks. The top mapping partners are NIST SP 800-53 Rev 5 (100% coverage), NIST Cybersecurity Framework 2.0 (100% coverage), ISO 27002:2022 (6% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with CISA Industrial Control Systems (ICS) Security Guidance compliance?

Start your CISA Industrial Control Systems (ICS) Security Guidance compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about CISA Industrial Control Systems (ICS) Security Guidance requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 16 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.

Get Started Free →

Free forever — no credit card required