Topic Hub · Compliance
OT compliance lives at the intersection of frameworks designed for IT and a physical process that does not bend to checkbox audits. The articles below cover SOC 2 OT scope, PCI DSS physical scope, IEC 62443, NIST 800-82, TSA Pipeline directives, EPA water guidance, NIS2 readiness, and CMMC.
Related service
OT Compliance Readiness
OT compliance readiness for SOC 2, IEC 62443, TSA, EPA, and NIS2.
Field Reports & Research (18)
Field Report
TSA security directives for pipeline systems have evolved significantly. We explain current requirements and what compliance looks like in practice.
Field Report
The 62443 family is sprawling. We cut it down to the zones, conduits, and security levels that most heavy manufacturers will actually be audited on.
Field Report
European NIS2 regulation affects US-based subsidiaries and suppliers. We explain how and what compliance requires.
Field Report
The 62443 standard requires system integrators to meet specific security competencies. We explain the framework and its implications for vendor manage
Field Report
Most SOC 2 scopes stop at the corporate perimeter. For data centers and manufacturers, that leaves the most operationally consequential systems outsid
Field Report
The EPA has issued extensive cybersecurity guidance for water utilities. We break down the key expectations and practical implications.
Field Report
Industrial organizations seeking cyber insurance are increasingly asked about OT security. We explain what underwriters look for and how to prepare.
Field Report
A recurring theme in OT security commentary is that the Purdue Enterprise Reference Architecture — the multi-level industrial zoning model that has…
Field Report
Industrial historians store operational data for analysis and compliance. Design historian systems for high availability, recovery, and secure data ma
Field Report
The CISA Industrial Control Systems Cyber Incident Analysis Act requires incident reporting. Learn what criteria apply and how to prepare.
Field Report
Accurate time is foundational to OT security. Without it, forensics become impossible, compliance audits fail, and security controls malfunction.
Field Report
Choosing between a combined security operations center and separate IT and OT teams has major implications for incident response and threat hunting.
Field Report
Smaller electric utilities, municipal utilities, and rural co-operatives often believe that NERC Critical Infrastructure Protection standards apply on
Field Report
Effective visitor management balances safety, compliance, and operational continuity. Discover processes for credential verification, escort protocols
Field Report
Multi-tenant colocation requires strict security boundaries between tenants. Implement physical separation, access control
Field Report
Physical key management is often neglected in favor of electronic access. Implement proper key control procedures, auditing
Field Report
NIST SP 800-82, the authoritative guidance on securing industrial control systems, was revised significantly.
Field Report
Digital certificates secure OPC UA, TLS, and other modern ICS protocols. Implement certificate lifecycle management, PKI architecture