← Frameworks / Water Regulation

America's Water Infrastructure Act Section 2013

Federal law requiring community water systems serving more than 3,300 people to conduct risk and resilience assessments and develop emergency response plans covering cybersecurity. Complemented by AWWA cybersecurity guidance covering governance, asset management, access control, network security, detection and monitoring, incident response, supply chain management, and workforce security. Overseen by EPA with 5-year reassessment cycles. Addresses unique water utility challenges including distributed infrastructure, small utility resource constraints, and treatment process safety.

Clauses: 10

Avg Coverage: 77.5%

Publisher: U.S. Environmental Protection Agency (EPA) / AWWA Version: 2018

AWIA → SP 800-53 SP 800-53 → AWIA Coverage Analysis

Clause	Title	SP 800-53 Controls
AWWA Sec 1	Governance and Risk Management	PM-01 PM-02 PM-03 PM-09 PL-01 PL-02 PM-06
AWWA Sec 2	Asset Management	CM-08 PM-05 RA-02 CM-02
AWWA Sec 3	Access Control	AC-02 AC-03 AC-06 AC-07 AC-17 IA-02 IA-05 PE-02 PE-03
AWWA Sec 4	Network Security	SC-07 SC-32 AC-04 SI-04 CA-07 SC-46
AWWA Sec 5	Detection and Monitoring	AU-02 AU-06 SI-04 CA-07 SC-48 IR-05
AWWA Sec 6	Incident Response	IR-01 IR-02 IR-04 IR-05 IR-06 IR-08
AWWA Sec 7	Supply Chain and Vendor Management	SR-01 SR-02 SR-03 SA-04 SA-09 SR-06
AWWA Sec 8	Workforce Security	AT-01 AT-02 AT-03 PS-01 PS-02 PS-03 PS-06 PM-13
Sec 2013(a)	Risk and Resilience Assessment	RA-01 RA-02 RA-03 RA-05 RA-07 RA-09 PM-09 PM-11
Sec 2013(b)	Emergency Response Plan	IR-01 IR-02 IR-04 IR-08 CP-01 CP-02 CP-04