Overview of TSA SD2021-02C
Transportation Security Administration (TSA) Directive SD2021-02C came into effect on July 27, 2022. This regulation applies to owners/operators of hazardous liquid and natural gas pipelines or liquefied natural gas facilities deemed critical by the U.S. Transportation Security Administration.
The directive requires adherence to security controls that include: multi-factor authentication (MFA), network segmentation, monitoring, and filtering traffic between networks among other requirements to prevent disruption and degradation to their infrastructure.
Overview of Cyolo PRO
Cyolo PRO (Privileged Remote Operations) is an advanced, infrastructure-agnostic secure remote access solution built to mitigate the risks of remote access to mission-critical assets. Cyolo PRO’s decentralized architecture provides exceptional flexibility and can seamlessly adapt to all environments (cloud-connected, cloud-averse, and offline) without change management.
Common challenges Cyolo PRO solves include:
Ensuring rapid, secure, and safe support and maintenance for OT environments
Safely connecting third-party vendors and contractors to OT environments with no agents or end-user downloads required
Adding multi-factor authentication (MFA) to legacy systems that do not natively support modern identity authentication
Securing all access points to mission-critical assets, whether remote or on-premise
Implementing segmentation, supervision, session recording, and other requirements of industry and regional compliance mandates
Cyolo PRO/TSA SD2021-02C Alignment
Section
|
Measure
|
Cyolo PRO Capabilities
|
Control Type
|
III.C.2
|
Multi-factor Authentication (MFA)
|
Provides MFA to all user accounts (service, shared, individual, etc.) in isolated, hybrid or cloud environments.
|
Provides
|
III.C.3
|
Least privilege access rights and separation of duties
|
Provides user access rights based on individual, group, role or location.
|
Provides
|
III.C.4.a
|
Shared accounts limited through least privilege and separation of duties
|
Provides shared account access rights based on individual, group, role or location.
|
Provides
|
III.C.4.b
|
Access to shared account credentials restricted
|
Denies direct access to shared account credentials.
|
Provides
|
III.D.4
|
Incident isolation controls
|
Enables operational staff (manually or via a SOAR or other automation tool) to restrict access to users or resources provisioned within the platform.
|
Supports
|
III.E.3
|
Patching deficiency mitigation
|
Enables operational staff to apply controls and restrictions to resources in order to mitigate risks and maintain operational availability.
|
Provides
|
IV.C.2.e.i
|
Compliance attestation - Log files
|
Retains log files of platform usage and is configured to feed into other log aggregation platforms.
|
Validates
|
IV.C.2.f
|
Compliance attestation - Other
|
Provides session recording capabilities that enable the organization to have fully auditable user session information.
|
Validates
|
Control Type Description
Provides: Provides information to give directly to auditor or feeds data into an artifact
Validates: Can be used to prove whether another control(s) is present and/or working
Supports: Feeds information into another system or processes which serve the requirements
Conclusion
Cyolo PRO not only helps organizations comply with requirements of the TSA SD2021-02C directive but also empowers them to overcome additional challenges associated with oil and gas environments. These challenges include the deploying of technology in areas where computational infrastructure does not exist (oil fields, remote valves/controls, hard to reach pipeline controls, etc.), in harsh environments, and in locations where bandwidth is limited or non-existent. This is possible because Cyolo PRO is purpose-built to deploy on a platform that is small form factor (ruggedized Raspberry Pi-size devices) and uses low bandwidth (4G/5G, Fractional T, etc.).
In addition, Cyolo PRO reduces hard costs by minimizing truck rolls and other travel to remote locations to perform monitoring, patching, and maintenance. The solution also enables organizations’ existing staff to be more productive, to improve security, and to enhance safety without requiring additional staff or resources.
Schedule a demo and begin your path to TSA SD2021-02C compliance today.
