← Frameworks / Infrastructure Regulation

TSA Pipeline Security Directives (SD-1 and SD-2)

Mandatory cybersecurity requirements for owner/operators of hazardous liquid and natural gas pipelines designated as critical infrastructure by TSA. Security Directive Pipeline-2021-01 (SD-1) requires cybersecurity coordinator designation, 24-hour incident reporting to CISA, vulnerability assessment, and remediation. Security Directive Pipeline-2021-02 (SD-2) mandates network segmentation, access control, continuous monitoring, patch management, cybersecurity implementation plans, architecture design review, testing, and training. Issued following the Colonial Pipeline ransomware attack.

Clauses: 12

Avg Coverage: 78.3%

Publisher: Transportation Security Administration (TSA) Version: 2021 (reissued 2023)

TSA Pipeline SD → SP 800-53 SP 800-53 → TSA Pipeline SD Coverage Analysis

Clause	Title	SP 800-53 Controls
SD-1 Sec 1	Cybersecurity Coordinator	PM-01 PM-02 PM-10
SD-1 Sec 2	Incident Reporting	IR-01 IR-06 PM-15
SD-1 Sec 3	Vulnerability Assessment	RA-03 RA-05 CA-02 CA-08
SD-1 Sec 4	Remediation Measures	CA-05 PM-04 RA-07
SD-2 Sec A	Network Segmentation	SC-07 SC-32 AC-04 SC-46
SD-2 Sec B	Access Control Measures	AC-02 AC-03 AC-05 AC-06 AC-07 AC-17 IA-02 IA-05 IA-08
SD-2 Sec C	Continuous Monitoring and Detection	SI-04 CA-07 AU-02 AU-06 SC-48 IR-04
SD-2 Sec D	Patch Management	SI-02 CM-03 CM-04 RA-05 SA-22
SD-2 Sec E	Cybersecurity Implementation Plan	PL-01 PL-02 PM-01 PM-09 CA-05
SD-2 Sec F	Cybersecurity Architecture Design Review	PL-08 SA-08 SA-17 SC-07 SC-32
SD-2 Sec G	Cybersecurity Testing	CA-08 CA-02 RA-05 SA-11
SD-2 Sec H	Cybersecurity Training	AT-01 AT-02 AT-03 AT-04 PM-13