Laws and regulations

(CS)² Standards & Regulations Guide

Use the form below to find the relevant standards or regulations based on your query, or clear the filters to browse all items.


Community Resource Committee Members

Khalid Ansari (https://www.linkedin.com/in/kansari/)
Saffira M. den Graafsburg
Katie Pehrson
George Davis IV
Jackie Issa
Reza Fatahi
Monique Clarke


ISA/IEC-62443

Type: Standard
Status: Published 2020
Relevant Use: Global

The ISA/IEC 62443 series of standards defines requirements and procedures for implementing electronically secure automation and industrial control systems and security practices, and for assessing electronic security performance. ISA/IEC 62443 provides a common set of requirements that enables product suppliers to deliver reliable, secure, and interoperable devices and systems.

API-1164

Type: Standard
Status: Published
Relevant Use: USA

Provides requirements and guidelines for managing cyber risks tailored to the oil and natural gas pipeline industry. The standard includes requirements that should be customized prior to implementation. The standard applies to SCADA, local control, and IoT solutions. It is not intended to be used for safety instrumented systems.

NERC CIP

Type: Standard, Regulation
Status: Currently in force
Relevant Use: USA, Canada, Mexico

Mandatory Bulk Electric System (BES) cybersecurity regulations that apply to utility companies connected to the North American power grid.

IEC TC 63452 (Rails)

Type: Standard
Status: WIP
Relevant Use: Global

International standard for railway cybersecurity: a framework that unifies cybersecurity management in railway systems, tailored to the sector's specific operational environment. IEC 63452 will build on existing industrial cybersecurity standards such as IEC 62443 and TS 50701.

NIST 800-52

Type: Guideline
Status: In force
Relevant Use: USA

Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations. Although NIST SP 800-52 Rev. 2 is not specifically written for OT and ICS environments, its guidelines for implementing and configuring TLS are relevant to securing communication channels within these environments.

ENISA Guidelines on Cybersecurity for OT and ICS

Type: Guideline
Status: In force
Relevant Use: EU

Comprehensive guidelines to enhance the cybersecurity posture of Operational Technology (OT) and Industrial Control Systems (ICS). These guidelines are aimed at improving the security and resilience of critical infrastructure and industrial processes.

ETSI EN 303-645

Type: Standard
Status: In force
Relevant Use: Europe

ETSI EN 303 645 is the first global cybersecurity standard for consumer IoT products, creating a cybersecurity baseline for manufacturers that helps ensure cybersecurity is incorporated into IoT products from their design.

NFPA 72

Type: Code
Status: Published
Relevant Use: USA

Standard developed by the National Fire Protection Association (NFPA) that outlines requirements for the installation, testing, and maintenance of fire alarm systems and emergency communication systems.

TS SD 1580/82 -2022-01A

Type: Directive
Status:
Relevant Use: USA

TSA-designated freight and passenger railroads, notified by TSA based on a risk determination, must establish and implement a TSA-approved Cyber Implementation Plan (CIP) that describes the specific measures employed and the schedule for achieving the outcomes more fully described in Sections III.A through III.E. They must also develop a Cyber Assessment Plan (CAP) for proactively assessing and auditing cybersecurity measures. The Cybersecurity Assessment Plan required by section III.F.1

NIST 800-82

Type: Guideline
Status: In force
Relevant Use: USA

Provides guidance on securing ICS by addressing their unique performance, reliability, and safety requirements. Covers risk management, security architecture, access control, incident response, and system integrity. Gives an overview of OT and common system topologies, identifies typical threats and vulnerabilities, and recommends security countermeasures to mitigate the associated risks.

NIS 2 Directive

Type: Directive
Status: In force
Relevant Use: EU

The NIS 2 Directive is a legislative framework aimed at strengthening cybersecurity resilience across critical sectors and essential services in the EU and EEA. While not exclusively targeting OT/ICS cybersecurity, its provisions are relevant to these systems because of their critical role in essential services. NIS 2 mandates stricter security measures, incident reporting obligations, and cooperation mechanisms, indirectly benefiting OT/ICS cybersecurity by promoting a higher level of protection for network and information systems, including those used in industrial control systems.

ISO/IEC 27019

Type: International Standard
Status: In force
Relevant Use: Global

ISO/IEC 27019:2017 provides guidelines for applying the controls in ISO/IEC 27002 to process control systems used by utilities in the energy industry. This includes electricity generation, transmission, distribution, and supply, as well as oil and gas production. The standard focuses on ensuring information security in these critical infrastructures, with special attention to the unique requirements and risks associated with process control systems.


Have expertise in an existing or developing standard or regulation? Volunteer to develop this further!
