OT / ICS Cybersecurity Services
Choose the right assessment for your need
Not all assessments are created equal. Armexa’s Risk Assessment services can apply the right methodology for the right purpose, giving industrial organizations a complete picture of where they stand and what to do about it. Our From Maturity and Compliance Gap Assessments benchmarked against NIST CSF and ISA/IEC 62443, to Validated System Design Reviews that uncover how vulnerabilities exist in your actual environment, to our signature Consequence-Based Risk Assessment using CyberHAZOP and CyberBowtie methodologies, we go beyond checkbox compliance. We also offer targeted assessments for DeltaV environments and regulatory engagements for pipeline and maritime operators requiring TSA and MTSA compliance. Many clients combine methodologies into a comprehensive program, each addressing a specific risk question. The result is a prioritized, actionable roadmap built around the realities of your OT environment.
ARMEXA SIGNATURE
Armexa’s 3D Assessments
Our flagship assessment framework examines your OT security posture across three interdependent dimensions delivering a unified view of risk that single-dimensional approaches miss entirely. The three dimensions are:
- 1) Validated System Design Review: Also known in pipeline security as CADR, this element involves a deep technical analysis of system architecture, network segmentation, data flow, and endpoint configurations. It helps uncover vulnerabilities in the actual implementation—not just theoretical gaps.
- 2) Maturity/Compliance Gap Assessment: This element evaluates how well an organization’s cybersecurity practices align with industry standards like NIST CSF and ISA/IEC 62443. It informs leadership about their current security posture relative to peers and regulatory expectations.
- 3) Consequence-Based Risk Assessment: This is where Armexa stands out. Using CyberHAZOP and CyberBowtie methodologies, it identifies the most critical operational risks and recommends the most cost-effective mitigations. This approach prioritizes real-world impact over theoretical vulnerabilities.
Topics: Comprehensive · All sectors · Risk-based
Individually Available: While these three assessments are available as a bundled three-dimensional program, each is also offered individually. Organizations can engage any one of them based on their current needs, program maturity, or regulatory requirements.
1) Architectural
Validated System Design Review (VSDR) 
A structured technical review that validates the security architecture of OT systems against design specifications, network diagrams, and vendor documentation, confirming that systems are configured and segmented as intended.
Topics: Architecture review · Network validation · Design verification
2) Benchmarking
Gap & Maturity Assessment 
Benchmarks your OT security program against leading frameworks — NIST CSF, IEC 62443, ISA/IEC, and NERC CIP — to establish your current maturity level, identify critical gaps, and build a prioritized improvement roadmap.
Topics: NIST CSF · IEC 62443 · Maturity scoring
3) CONSEQUENCE
CyberBowtie 
A barrier-based risk analysis tool that maps threat sources through attack pathways to consequences — while simultaneously modeling prevention and mitigation controls. Visualizes risk in terms operations and safety leadership can act on.
Topics: Risk visualization · Barrier analysis · Consequence mapping
——————-
CyberHAZOP 
Applies the structured HAZOP methodology to OT cybersecurity, systematically analyzing how cyber threats can deviate control system behavior to cause safety or operational consequences. Bridges the gap between process safety and cybersecurity teams.
Topics: Process safety · IEC 62443 · HAZOP-based
Specialty
SPECIALIZED
Emerson DeltaV Validated Cybersecurity Assessment (VCA)
A purpose-built cyber assessment for facilities running Emerson DeltaV distributed control systems. Evaluates DeltaV-specific security configurations, patch posture, network segmentation, and access controls against Emerson’s security guidance.
Topics: DeltaV DCS · Emerson-specific · Vendor-aligned
COMPLIANCE
TSA Compliance Assessments 
Evaluates pipeline and surface transportation operators against TSA Security Directives SD-02G, and related requirements — providing documented evidence of compliance and a remediation plan for identified gaps.
Topics: TSA SD-02G · Pipeline · Transportation
COMPLIANCE
MTSA Compliance Assessments 
Supports maritime facility operators and vessel owners in meeting U.S. Coast Guard Maritime Transportation Security Act cybersecurity requirements, including Facility Security Plans and cyber risk assessments aligned to USCG guidance.
Topics: USCG / MTSA · Maritime · Facility Security Plan