AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association)
The American Water Works Association (AWWA) provides comprehensive cybersecurity guidance for water and wastewater utilities. Key publications include: AWWA Cybersecurity Risk & Responsibility in the Water Sector (2019), Process Control System Security Guidance for the Water Sector, and collaboration with WaterISAC. AWWA serves 50,000+ members representing water utilities, treatment plants, and suppliers. The guidance addresses unique challenges of water sector OT systems including SCADA, PLCs, and chemical dosing systems. Aligned with NIST Cybersecurity Framework, EPA requirements, and America's Water Infrastructure Act (AWIA) Section 2013.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (5)
Access Control and Identity Management
| Code | Title |
|---|---|
| AWWA-2.1 | User Access Management |
| AWWA-2.2 | Authentication Mechanisms |
| AWWA-2.3 | Account Management |
| AWWA-2.4 | Physical Access Controls |
Incident Response and Recovery
| Code | Title |
|---|---|
| AWWA-5.1 | Incident Response Plan |
| AWWA-5.2 | Incident Detection and Analysis |
| AWWA-5.3 | Business Continuity and Disaster Recovery |
| AWWA-5.4 | Backup and Restoration |
| AWWA-5.5 | Exercises and Testing |
| ICS-IR-1 | ICS incident response plan |
| ICS-IR-2 | ICS-specific forensics |
| ICS-IR-3 | Backup and recovery procedures |
| ICS-IR-4 | Coordination with ICS-CERT |
Network and Communications Security
| Code | Title |
|---|---|
| AWWA-3.1 | Network Segmentation |
| AWWA-3.2 | Remote Access Security |
| AWWA-3.3 | Wireless Security |
| AWWA-3.4 | Encryption and Data Protection |
Security Management and Governance
| Code | Title |
|---|---|
| AWWA-1.1 | Security Policy and Governance |
| AWWA-1.2 | Risk Assessment |
| AWWA-1.3 | Security Awareness and Training |
| AWWA-1.4 | Compliance and Regulatory Alignment |
System Security and Operations
| Code | Title |
|---|---|
| AWWA-4.1 | Malware Protection |
| AWWA-4.2 | Patch Management |
| AWWA-4.3 | Configuration Management |
| AWWA-4.4 | Audit Logging and Monitoring |
Maps to 622 other frameworks
Frequently Asked Questions
What is AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association)?
AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association) is a compliance framework from United States (AWWA) with 5 domains and 25 controls. The American Water Works Association (AWWA) provides comprehensive cybersecurity guidance for water and wastewater utilities. Key publications include: AWWA Cybersecurity Risk & Responsibility in the Water Sector (2019), Process Control System Security Guidance for the Water Sector, and collaboration with WaterISAC. AWWA serves 50,000+ members representing water utilities, treatment plants, and suppliers. The guidance addresses unique challenges of water sector OT systems including SCADA, PLCs, and chemical dosing systems. Aligned with NIST Cybersecurity Framework, EPA requirements, and America's Water Infrastructure Act (AWIA) Section 2013. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association) have?
AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association) has 25 controls organised across 5 domains. The largest domains are Incident Response and Recovery (9 controls), Access Control and Identity Management (4 controls), Network and Communications Security (4 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association) map to?
AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association) maps to 622 other compliance frameworks. The top mapping partners are CISA ICS-CERT Advisories and Industrial Control Systems Security Guidelines (72% coverage), CSA CCM v4 (72% coverage), FAA Cybersecurity Framework for Aviation (72% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association) compliance?
Start your AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 25 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 692 frameworks.
Get Started Free →Free forever — no credit card required