TSA Pipeline Security Directives Compliance


In 2021, the Transportation Security Administration (TSA) issued Pipeline Security Directives, mandating a series of actions for operators of liquid and gas pipelines and LNG facilities to enhance their cybersecurity measures. These directives require operators to document, implement and maintain comprehensive cybersecurity practices, with specific tasks to be completed on an annual or bi-annual basis.

TSA Pipeline Security Directive compliance is not a once-and-done exercise. It should be considered an integral part of an organization’s ongoing commitment to having a strong IT and operational technology (OT) cybersecurity program.

Armexa offers a variety of services to assist organizations in achieving and maintaining compliance with these directives. Our expertise covers the entire spectrum of TSA’s requirements, aimed at ensuring operational cybersecurity resilience.

Services Provided by Armexa

  • Cyber Implementation Plan (CIP) development and maintenance
  • Cyber Assessment Plan (CAP) development and maintenance
  • Cyber Incident Response Plan (CIRP) development and maintenance
  • Incident response exercise facilitation
  • Cyber Architecture Design Reviews (CADR)
  • Vulnerability assessment according to TSA 2018 Pipeline Security Guidelines
  • Network segmentation design and implementation support
  • Secure remote access design and implementation support
  • ICS detection system design and implementation support
  • Patch management design and implementation support
  • System hardening design and implementation support

Compliance with TSA Security Directives

Our approach to supporting compliance with TSA Security Directives is informed by extensive experience in OT and industrial cybersecurity, particularly within the midstream oil and gas industry.

TSA initially grants organizations 3 years to implement and assess the effectiveness of the controls specified in their Cybersecurity Implementation Plan (CIP). Beyond the 3 years, organizations are expected to strive for continuous improvement by monitoring and updating their CIP and implementing and assessing changes.

Choosing Armexa

Our experience includes comprehensive support for pipeline companies in complying with the latest directives (2021-01C and 2021-02D), reflecting a deep understanding of the operational challenges and cybersecurity requirements in the oil and gas sector. Our team has delivered OT cybersecurity services to nearly every major pipeline and LNG operator, from Alaska to the Gulf Coast.

Commitment to Cybersecurity

Partnering with Armexa means engaging with professionals dedicated to enhancing your cybersecurity posture in accordance with TSA directives and do their relevant industry standards, such as the NIST Cybersecurity Framework, ISA/IEC 62443, API 1164, and NIST 800-82. Our goal is to ensure your operations are secure, resilient, and compliant, with a focus on practical and effective cybersecurity measures.

Secure Your Operations with Armexa

We’re ready to assist your organization in enhancing and maintaining the cybersecurity of your critical operations and ensuring continuous compliance with the TSA Pipeline Security and other regulatory directives.

Contact us to discuss how we can support your compliance and security efforts.

Related Content

Enriching Security for a Major US Energy Company | Armexa


Case Study: US Energy Company Enriches Security Posture With OT Security Program Development

Discover how Armexa developed and implemented an enterprise-wide security program across 75 oil and gas facilities.

Discover how we can build digital resiliency into your OT infrastructure