The Transportation Security Administration (TSA) is a U.S. government agency that is responsible for providing security for the nation’s transportation systems, including the aviation, rail, and highway sectors. As part of its mission, the TSA has established cybersecurity standards and requirements for certain transportation systems to ensure that they are secure and compliant with federal regulations.
The TSA Cybersecurity Pipeline Compliance (TSACPC) requirement applies to certain transportation systems that are considered critical infrastructure. Owner/Operators impacted should have received a memorandum. This requirement is designed to ensure that these systems have robust cybersecurity controls in place to protect against cyber threats and vulnerabilities.
To meet the TSACPC requirement, transportation systems must implement a range of cybersecurity controls and practices, including:
Cybersecurity Implementation Plan: Institutions must have a defined Cybersecurity Implementation Plan.
Network segmentation: Systems must be segmented and access to sensitive areas of the network must be restricted. Logical zones must be defined based on criticality and risks.
Access Control: Must be based on the principles of least privilege and separation of duties, or compensating controls must be defined.
Encryption: Data transmitted over networks must be encrypted to protect against unauthorized access.
Network security monitoring: Systems must be monitored for security threats and vulnerabilities.
Vulnerability management: Systems must be regularly tested for vulnerabilities and any identified vulnerabilities must be promptly addressed.
Multi-factor authentication: Must be used for access to industrial control workstations, or the compensating controls in place must be specified.
Security incident response: Institutions must have a plan in place for responding to security incidents, including containment, preservation, recovery, and annual testing.
Assessment Program: Measuring the effectiveness of the Cybersecurity Program, performing architectural design reviews, and other assessment capabilities such as penetration testing.
Overall, the TSACPC requirement is designed to help ensure that critical transportation systems are secure and compliant with federal regulations and can protect against cyber threats and vulnerabilities.
About Columbia Advisory Group: Columbia Advisory Group (CAG) is a leading Information Technology (IT) consulting firm. CAG’s team has assessed and helped improve the performance of more than 300 technology organizations and IT departments, including many higher education institutions, state agencies, and Fortune 50 customers. Practice specialty areas include Infrastructure, IT Service Management, Cybersecurity, and A/V Services. CAG improves business outcomes with IT insights and expert technical support. Based in Dallas, Texas, CAG works extensively with clients throughout the U.S. Contact us at info@columbiaadvisory.com.
Lori Demello
Director, Compliance and Risk Management