Back to Frameworks
US EPA Safe Drinking Water Act (SDWA) - Cybersecurity Requirements
United States (EPA)
v2018 (AWIA, with 2023 updates)
3 domains
3 controls
The US Environmental Protection Agency (EPA) enforces cybersecurity requirements for public water systems under the Safe Drinking Water Act (SDWA). Key requirements include: America's Water Infrastructure Act (AWIA, 2018) Section 2013 mandating risk and resilience assessments including cyber risks, EPA enforcement actions for cybersecurity failures (using SDWA Section 1433), and EPA's 2023 memorandum requiring states to include cybersecurity in public water system sanitary surveys. EPA works with CISA to provide technical assistance. Applies to approximately 151,000 public water systems in the United States.
Unverified
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (3)
Cybersecurity
1 controls
| Code | Title |
|---|---|
| USSDWA-2 | Cybersecurity Practices (Assessment, Access, Network, IR) |
Reporting
1 controls
| Code | Title |
|---|---|
| USSDWA-3 | EPA Reporting and Inspection |
Risk Assessment
1 controls
| Code | Title |
|---|---|
| USSDWA-1 | AWIA Section 2013 Risk and Resilience Assessment |
Your Compliance Coverage
If you comply with US EPA Safe Drinking Water Act (SDWA) - Cybersecurity Requirements, you already cover:
Vietnam Law on Cybersecurity (No. 24/2018/QH14)
33%
1 controls mapped
Compare →Vermont Artificial Intelligence and Consumer Data Act (AICDA)
33%
1 controls mapped
Compare →USMCA Chapter 19 - Digital Trade (United States-Mexico-Canada Agreement)
33%
1 controls mapped
Compare →+ 155 more: US Maritime Transportation Security Act (MTSA) and USCG Cybersecurity Requirements (33%), US Gramm-Leach-Bliley Act (GLBA) - Higher Education Safeguards Rule (33%)
See all 158 mapped frameworks ↓Maps to 158 other frameworks
3 total controls
Vietnam Law on Cybersecurity (No. 24/2018/QH14)
1 source controls mapped|1 target controls covered
33%
Vermont Artificial Intelligence and Consumer Data Act (AICDA)
1 source controls mapped|1 target controls covered
33%
USMCA Chapter 19 - Digital Trade (United States-Mexico-Canada Agreement)
1 source controls mapped|1 target controls covered
33%
US Maritime Transportation Security Act (MTSA) and USCG Cybersecurity Requirements
1 source controls mapped|1 target controls covered
33%
US Gramm-Leach-Bliley Act (GLBA) - Higher Education Safeguards Rule
1 source controls mapped|1 target controls covered
33%
AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association)
1 source controls mapped|5 target controls covered
33%
ISO/IEC 27011:2024
1 source controls mapped|4 target controls covered
33%
Azure Security Benchmark
1 source controls mapped|3 target controls covered
33%
ASD Strategies to Mitigate Cyber Security Incidents
1 source controls mapped|6 target controls covered
33%
CISA Cross-Sector Cybersecurity Performance Goals (CPG) 2.0
1 source controls mapped|6 target controls covered
33%
ISO/IEC 27010:2015
1 source controls mapped|4 target controls covered
33%
API 1164
1 source controls mapped|8 target controls covered
33%
NIST SP 800-171A - Assessing Security Requirements for Controlled Unclassified Information (CUI)
1 source controls mapped|9 target controls covered
33%
AWS Well-Architected Security Pillar
1 source controls mapped|3 target controls covered
33%
GLBA
1 source controls mapped|3 target controls covered
33%
IACS Unified Requirements E26/E27 - Cyber Resilience of Ships and On-Board Systems
1 source controls mapped|5 target controls covered
33%
IEEE 1686
1 source controls mapped|4 target controls covered
33%
India CERT-In Cyber Security Directions 2022
1 source controls mapped|2 target controls covered
33%
ISMAP (Japan)
1 source controls mapped|3 target controls covered
33%
Laos Law on Prevention and Combating Cybercrime (2015)
1 source controls mapped|2 target controls covered
33%
MITRE ATT&CK
1 source controls mapped|3 target controls covered
33%
MITRE D3FEND
1 source controls mapped|2 target controls covered
33%
Monetary Authority of Singapore Technology Risk Management Guidelines
1 source controls mapped|2 target controls covered
33%
Myanmar Cybersecurity Law (2023)
1 source controls mapped|1 target controls covered
33%
NERC CIP
1 source controls mapped|2 target controls covered
33%
New Zealand Information Security Manual (NZISM)
1 source controls mapped|1 target controls covered
33%
NIS2 Directive Implementing Acts
1 source controls mapped|3 target controls covered
33%
NIST SP 800-123
1 source controls mapped|2 target controls covered
33%
NIST SP 800-144
1 source controls mapped|3 target controls covered
33%
NIST SP 800-145
1 source controls mapped|2 target controls covered
33%
NIST SP 800-146
1 source controls mapped|2 target controls covered
33%
NIST SP 800-61
1 source controls mapped|2 target controls covered
33%
NIST SP 800-63-4
1 source controls mapped|2 target controls covered
33%
NIST SP 800-88
1 source controls mapped|2 target controls covered
33%
NIST SP 800-92
1 source controls mapped|2 target controls covered
33%
Oman National Cybersecurity Framework
1 source controls mapped|3 target controls covered
33%
Open Banking Security
1 source controls mapped|3 target controls covered
33%
OWASP MASVS
1 source controls mapped|2 target controls covered
33%
OWASP SAMM
1 source controls mapped|2 target controls covered
33%
PTES
1 source controls mapped|2 target controls covered
33%
PSD2 SCA
1 source controls mapped|3 target controls covered
33%
SIG (Shared Assessments)
1 source controls mapped|2 target controls covered
33%
SLSA
1 source controls mapped|3 target controls covered
33%
APRA CPS 234
1 source controls mapped|4 target controls covered
33%
ISO/IEC 29115:2023 - Entity Authentication Assurance Framework
1 source controls mapped|3 target controls covered
33%
ISO/IEC 27400:2022
1 source controls mapped|2 target controls covered
33%
NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements
1 source controls mapped|5 target controls covered
33%
APPI
1 source controls mapped|3 target controls covered
33%
BSI IT-Grundschutz
1 source controls mapped|6 target controls covered
33%
ISO 19011
1 source controls mapped|2 target controls covered
33%
ISO 15189:2022 - Medical Laboratories Requirements for Quality and Competence
1 source controls mapped|2 target controls covered
33%
Illinois Biometric Information Privacy Act (BIPA)
1 source controls mapped|2 target controls covered
33%
FFIEC Cybersecurity Assessment Tool (CAT)
1 source controls mapped|3 target controls covered
33%
AML/CTF Act 2006 (Australia)
1 source controls mapped|1 target controls covered
33%
Bank Secrecy Act / Anti-Money Laundering (BSA/AML)
1 source controls mapped|1 target controls covered
33%
ISO 13485
1 source controls mapped|1 target controls covered
33%
ISO/IEC 23837 - Security Requirements for Quantum Key Distribution
1 source controls mapped|1 target controls covered
33%
Armenia Law on Protection of Personal Data (2015)
1 source controls mapped|1 target controls covered
33%
IEC 62351 - Power Systems Communication Security
1 source controls mapped|1 target controls covered
33%
Bahrain PDPL
1 source controls mapped|3 target controls covered
33%
FDA 21 CFR Part 11
1 source controls mapped|2 target controls covered
33%
Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL)
1 source controls mapped|3 target controls covered
33%
FIDO2 / WebAuthn
1 source controls mapped|2 target controls covered
33%
FISMA
1 source controls mapped|3 target controls covered
33%
Florida Digital Bill of Rights (FDBR)
1 source controls mapped|2 target controls covered
33%
FTC GLBA Safeguards Rule (16 CFR Part 314)
1 source controls mapped|2 target controls covered
33%
Ghana Cybersecurity Act
1 source controls mapped|5 target controls covered
33%
GLI-33 - Gaming Laboratories International Event Wagering Systems
1 source controls mapped|1 target controls covered
33%
HITECH Act
1 source controls mapped|2 target controls covered
33%
HL7 FHIR Security Framework
1 source controls mapped|1 target controls covered
33%
IAEA Nuclear Security Series - Computer Security at Nuclear Facilities (NSS-17-T Rev 1)
1 source controls mapped|2 target controls covered
33%
IATA Operational Safety Audit (IOSA) Standards Manual
1 source controls mapped|1 target controls covered
33%
ICAO Annex 17 - Aviation Security (AVSEC)
1 source controls mapped|1 target controls covered
33%
IMO Maritime Cybersecurity Guidelines (MSC-FAL.1/Circ.3/Rev.2)
1 source controls mapped|1 target controls covered
33%
Indonesia PDP Law
1 source controls mapped|3 target controls covered
33%
Iowa Consumer Data Protection Act
1 source controls mapped|3 target controls covered
33%
ITU-T X.805 - Security Architecture for End-to-End Communications
1 source controls mapped|2 target controls covered
33%
Jamaica Data Protection Act 2020
1 source controls mapped|3 target controls covered
33%
South Korea PIPA
1 source controls mapped|3 target controls covered
33%
MARS-E
1 source controls mapped|5 target controls covered
33%
MDS2 (Medical Device)
1 source controls mapped|3 target controls covered
33%
MTCS (Singapore)
1 source controls mapped|3 target controls covered
33%
NAIC Insurance Data Security Model Law (MDL-668)
1 source controls mapped|2 target controls covered
33%
New Hampshire Data Privacy Act
1 source controls mapped|2 target controls covered
33%
NIS2 Directive
1 source controls mapped|3 target controls covered
33%
NIST Privacy Framework
1 source controls mapped|2 target controls covered
33%
NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)
1 source controls mapped|1 target controls covered
33%
NIST SP 800-122
1 source controls mapped|2 target controls covered
33%
NIST SP 800-137
1 source controls mapped|1 target controls covered
33%
NIST SP 800-66
1 source controls mapped|3 target controls covered
33%
NIST SP 800-82 Revision 3: Guide to Industrial Control Systems (ICS) Security
1 source controls mapped|3 target controls covered
33%
O-RAN WG11 Security Specification
1 source controls mapped|1 target controls covered
33%
OpenSSF Scorecard
1 source controls mapped|1 target controls covered
33%
Oregon Consumer Privacy Act
1 source controls mapped|2 target controls covered
33%
OWASP DevSecOps Maturity Model (DSOMM)
1 source controls mapped|3 target controls covered
33%
OWASP Top 10 for LLM Applications 2025
1 source controls mapped|2 target controls covered
33%
OWASP Top 10:2025
1 source controls mapped|1 target controls covered
33%
PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments
1 source controls mapped|2 target controls covered
33%
PDPA Singapore
1 source controls mapped|2 target controls covered
33%
PDPA Thailand
1 source controls mapped|2 target controls covered
33%
Personal Data Act (personopplysningsloven)
1 source controls mapped|2 target controls covered
33%
Privacy Act 2020
1 source controls mapped|2 target controls covered
33%
Protective Security Policy Framework (PSPF) Release 2024
1 source controls mapped|3 target controls covered
33%
Regulation on the European Health Data Space (EHDS)
1 source controls mapped|1 target controls covered
33%
Secure by Design: A Guide for Manufacturers (CISA)
1 source controls mapped|1 target controls covered
33%
Sigstore - Software Artifact Signing and Verification
1 source controls mapped|1 target controls covered
33%
TISAX - Trusted Information Security Assessment Exchange
1 source controls mapped|1 target controls covered
33%
Regional Comprehensive Economic Partnership (RCEP) - E-Commerce Chapter
1 source controls mapped|1 target controls covered
33%
Uruguay DPL
1 source controls mapped|2 target controls covered
33%
Barbados Data Protection Act 2019
1 source controls mapped|1 target controls covered
33%
ISO/IEC 30111:2019
1 source controls mapped|2 target controls covered
33%
ISO/IEC 29147:2018
1 source controls mapped|1 target controls covered
33%
COSO Internal Control - Integrated Framework (2013)
1 source controls mapped|1 target controls covered
33%
Canada ITSG-33 - IT Security Risk Management
1 source controls mapped|1 target controls covered
33%
NIST AI Risk Management Framework (AI RMF 1.0)
1 source controls mapped|1 target controls covered
33%
APRA CPS 230 Operational Risk Management
1 source controls mapped|1 target controls covered
33%
NIST SP 800-171
1 source controls mapped|1 target controls covered
33%
ASIS SPC.1-2009 - Organizational Resilience Standard
1 source controls mapped|1 target controls covered
33%
FedRAMP Rev 5
1 source controls mapped|2 target controls covered
33%
Family Educational Rights and Privacy Act (FERPA)
1 source controls mapped|1 target controls covered
33%
FIRST CSIRT Services Framework and Standards
1 source controls mapped|1 target controls covered
33%
HKMA SPM
1 source controls mapped|1 target controls covered
33%
Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018)
1 source controls mapped|1 target controls covered
33%
India DPDP Act
1 source controls mapped|1 target controls covered
33%
Indiana Consumer Data Protection Act
1 source controls mapped|1 target controls covered
33%
Japan FSA Cybersecurity Guidelines for Financial Institutions
1 source controls mapped|1 target controls covered
33%
Kentucky Consumer Data Protection Act
1 source controls mapped|2 target controls covered
33%
Law No. 172-13 on the Protection of Personal Data
1 source controls mapped|1 target controls covered
33%
Ley Orgánica de Protección de Datos Personales (LOPDP)
1 source controls mapped|1 target controls covered
33%
LGPD
1 source controls mapped|1 target controls covered
33%
Liechtenstein DPA
1 source controls mapped|1 target controls covered
33%
Malaysia PDPA 2010
1 source controls mapped|2 target controls covered
33%
Maryland Online Data Privacy Act of 2024
1 source controls mapped|2 target controls covered
33%
Mauritius DPA
1 source controls mapped|1 target controls covered
33%
Mexico LFPDPPP
1 source controls mapped|1 target controls covered
33%
Minnesota Consumer Data Privacy Act
1 source controls mapped|1 target controls covered
33%
Montana Consumer Data Privacy Act
1 source controls mapped|1 target controls covered
33%
Nebraska Data Privacy Act
1 source controls mapped|4 target controls covered
33%
Nevada Gaming Control Board Cybersecurity Requirements
1 source controls mapped|1 target controls covered
33%
New Jersey Data Privacy Act
1 source controls mapped|2 target controls covered
33%
Nigeria Data Protection Act 2023 (NDPA)
1 source controls mapped|4 target controls covered
33%
Nigeria Data Protection Regulation (NDPR)
1 source controls mapped|1 target controls covered
33%
Nigeria Open Banking Regulatory Framework (CBN, 2023)
1 source controls mapped|1 target controls covered
33%
NRF Cybersecurity and Data Privacy Framework (National Retail Federation)
1 source controls mapped|1 target controls covered
33%
OSFI B-13
1 source controls mapped|3 target controls covered
33%
UK Gambling Commission - Cyber Resilience Requirements
1 source controls mapped|1 target controls covered
33%
UK GDPR (UK General Data Protection Regulation)
1 source controls mapped|1 target controls covered
33%
Turkey KVKK
1 source controls mapped|1 target controls covered
33%
Trinidad and Tobago Data Protection Act 2011
1 source controls mapped|1 target controls covered
33%
TSA Pipeline Cybersecurity Directives
1 source controls mapped|1 target controls covered
33%
Texas Data Privacy Act
1 source controls mapped|1 target controls covered
33%
Tanzania Personal Data Protection Act (Draft)
1 source controls mapped|1 target controls covered
33%
Taiwan PDPA
1 source controls mapped|1 target controls covered
33%
Qatar DPL
1 source controls mapped|2 target controls covered
33%
POPIA
1 source controls mapped|1 target controls covered
33%
Peru DPL
1 source controls mapped|2 target controls covered
33%
Papua New Guinea National Cybersecurity Policy & Cybercrime Act (2016)
1 source controls mapped|1 target controls covered
33%
Pakistan Personal Data Protection Bill 2023
1 source controls mapped|1 target controls covered
33%
Frequently Asked Questions
What is US EPA Safe Drinking Water Act (SDWA) - Cybersecurity Requirements?
US EPA Safe Drinking Water Act (SDWA) - Cybersecurity Requirements is a compliance framework from United States (EPA) with 3 domains and 3 controls. The US Environmental Protection Agency (EPA) enforces cybersecurity requirements for public water systems under the Safe Drinking Water Act (SDWA). Key requirements include: America's Water Infrastructure Act (AWIA, 2018) Section 2013 mandating risk and resilience assessments including cyber risks, EPA enforcement actions for cybersecurity failures (using SDWA Section 1433), and EPA's 2023 memorandum requiring states to include cybersecurity in public water system sanitary surveys. EPA works with CISA to provide technical assistance. Applies to approximately 151,000 public water systems in the United States. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does US EPA Safe Drinking Water Act (SDWA) - Cybersecurity Requirements have?
US EPA Safe Drinking Water Act (SDWA) - Cybersecurity Requirements has 3 controls organised across 3 domains. The largest domains are Cybersecurity (1 controls), Reporting (1 controls), Risk Assessment (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does US EPA Safe Drinking Water Act (SDWA) - Cybersecurity Requirements map to?
US EPA Safe Drinking Water Act (SDWA) - Cybersecurity Requirements maps to 158 other compliance frameworks. The top mapping partners are Vietnam Law on Cybersecurity (No. 24/2018/QH14) (33% coverage), Vermont Artificial Intelligence and Consumer Data Act (AICDA) (33% coverage), USMCA Chapter 19 - Digital Trade (United States-Mexico-Canada Agreement) (33% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with US EPA Safe Drinking Water Act (SDWA) - Cybersecurity Requirements compliance?
Start your US EPA Safe Drinking Water Act (SDWA) - Cybersecurity Requirements compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about US EPA Safe Drinking Water Act (SDWA) - Cybersecurity Requirements requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 3 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 700 frameworks.
Get Started Free →Free forever — no credit card required