Recommended Cybersecurity Standards and Frameworks

When integrating, operating or maintaining systems we strongly encourage you to refer to recognized industrial cybersecurity standards and regulatory guidance appropriate to your system architecture, risk profile and regulatory environment.

At a system level, the IEC 62443 series provides a globally recognized framework for securing Industrial Automation and Control Systems, with IEC 62443-3-3 defining system security requirements and security levels relevant to secure system design, integration and defense-in-depth architectures.

Asset owners and operators can find additional guidance from publications by NIST, including NIST SP 800-82 for industrial control systems and national or sector-specific frameworks, for example, the UK National Cyber Security Centre Cyber Assessment Framework (CAF).

In regulated sectors, you should also consider applicable regulatory guidance, for example, requirements enforced by Ofgem in the UK energy sector or mandatory standards, for example, NERC CIP in North America.

Note - These references are provided for guidance only, you remain responsible for selecting and implementing cybersecurity controls appropriate to your specific operational and regulatory context.

See Further Resources for details.

Last update - February 2026