← Frameworks / Industry Standard

API Standard 1164 Pipeline Control Systems Cybersecurity 3rd Edition

Industry standard for cybersecurity of pipeline SCADA and control systems in the oil and natural gas sector. 12 requirement areas covering risk management, security architecture, access control, system integrity, data protection, monitoring and detection, incident response, business continuity, supply chain security, personnel security, physical security, and compliance assessment. Aligned with NIST CSF and TSA Pipeline Security Directives. Used by pipeline operators for control system cybersecurity programs.

Clauses: 12

Avg Coverage: 79.6%

Publisher: American Petroleum Institute (API) Version: 3rd Edition (2021)

API 1164 → SP 800-53 SP 800-53 → API 1164 Coverage Analysis

Clause	Title	SP 800-53 Controls
Sec 4	Risk Management	RA-01 RA-02 RA-03 RA-05 RA-07 RA-09 PM-09
Sec 5	Security Architecture	SC-07 SC-32 AC-04 PL-08 SA-08 SC-46
Sec 6	Access Control	AC-02 AC-03 AC-05 AC-06 AC-07 AC-17 IA-02 IA-03 IA-05 IA-08
Sec 7	System Integrity	SI-02 SI-03 SI-07 CM-02 CM-03 CM-04 CM-06 CM-07 CM-14
Sec 8	Data Protection	SC-08 SC-12 SC-13 SC-28 AC-04 MP-02 MP-04
Sec 9	Monitoring and Detection	AU-02 AU-03 AU-06 SI-04 CA-07 SC-48
Sec 10	Incident Response	IR-01 IR-02 IR-04 IR-05 IR-06 IR-08
Sec 11	Business Continuity	CP-01 CP-02 CP-04 CP-06 CP-07 CP-09 CP-10
Sec 12	Supply Chain Security	SR-01 SR-02 SR-03 SR-05 SR-06 SR-11 SA-04 SA-09
Sec 13	Personnel Security	PS-01 PS-02 PS-03 PS-04 PS-06 PS-07 AT-01 AT-02 AT-03
Sec 14	Physical Security	PE-01 PE-02 PE-03 PE-04 PE-06 PE-08 PE-09 PE-11
Sec 15	Compliance and Assessment	CA-01 CA-02 CA-05 CA-07 CA-08 PM-06 PM-14