← Frameworks / TSA Pipeline SD / Control Mappings

TSA Pipeline Security Directives (SD-1 and SD-2)

Mandatory cybersecurity requirements for owner/operators of hazardous liquid and natural gas pipelines designated as critical infrastructure by TSA. Security Directive Pipeline-2021-01 (SD-1) requires cybersecurity coordinator designation, 24-hour incident reporting to CISA, vulnerability assessment, and remediation. Security Directive Pipeline-2021-02 (SD-2) mandates network segmentation, access control, continuous monitoring, patch management, cybersecurity implementation plans, architecture design review, testing, and training. Issued following the Colonial Pipeline ransomware attack.

Controls: 48

Total Mappings: 56

Publisher: Transportation Security Administration (TSA) Version: 2021 (reissued 2023)

TSA Pipeline SD → SP 800-53 SP 800-53 → TSA Pipeline SD Coverage Analysis

AC (7) AT (4) AU (2) CA (4) CM (2) IA (3) IR (3) PL (3) PM (7) RA (3) SA (4) SC (4) SI (2)

AC Access Control

Control	Name	TSA Pipeline SD References
AC-02	Account Management	SD-2 Sec B
AC-03	Access Enforcement	SD-2 Sec B
AC-04	Information Flow Enforcement	SD-2 Sec A
AC-05	Separation Of Duties	SD-2 Sec B
AC-06	Least Privilege	SD-2 Sec B
AC-07	Unsuccessful Login Attempts	SD-2 Sec B
AC-17	Remote Access	SD-2 Sec B

AT Awareness and Training

Control	Name	TSA Pipeline SD References
AT-01	Security Awareness And Training Policy And Procedures	SD-2 Sec H
AT-02	Security Awareness	SD-2 Sec H
AT-03	Security Training	SD-2 Sec H
AT-04	Security Training Records	SD-2 Sec H

AU Audit and Accountability

Control	Name	TSA Pipeline SD References
AU-02	Auditable Events	SD-2 Sec C
AU-06	Audit Monitoring, Analysis, And Reporting	SD-2 Sec C

CA Security Assessment and Authorization

Control	Name	TSA Pipeline SD References
CA-02	Security Assessments	SD-1 Sec 3SD-2 Sec G
CA-05	Plan Of Action And Milestones	SD-1 Sec 4SD-2 Sec E
CA-07	Continuous Monitoring	SD-2 Sec C
CA-08	Penetration Testing	SD-1 Sec 3SD-2 Sec G

CM Configuration Management

Control	Name	TSA Pipeline SD References
CM-03	Configuration Change Control	SD-2 Sec D
CM-04	Monitoring Configuration Changes	SD-2 Sec D

IA Identification and Authentication

Control	Name	TSA Pipeline SD References
IA-02	User Identification And Authentication	SD-2 Sec B
IA-05	Authenticator Management	SD-2 Sec B
IA-08	Identification and Authentication (Non-Organizational Users)	SD-2 Sec B

IR Incident Response

Control	Name	TSA Pipeline SD References
IR-01	Incident Response Policy And Procedures	SD-1 Sec 2
IR-04	Incident Handling	SD-2 Sec C
IR-06	Incident Reporting	SD-1 Sec 2

PL Planning

Control	Name	TSA Pipeline SD References
PL-01	Security Planning Policy And Procedures	SD-2 Sec E
PL-02	System Security Plan	SD-2 Sec E
PL-08	Security and Privacy Architectures	SD-2 Sec F

PM Program Management

Control	Name	TSA Pipeline SD References
PM-01	Information Security Program Plan	SD-1 Sec 1SD-2 Sec E
PM-02	Information Security Program Leadership Role	SD-1 Sec 1
PM-04	Plan of Action and Milestones Process	SD-1 Sec 4
PM-09	Risk Management Strategy	SD-2 Sec E
PM-10	Authorization Process	SD-1 Sec 1
PM-13	Security and Privacy Workforce	SD-2 Sec H
PM-15	Security and Privacy Groups and Associations	SD-1 Sec 2

RA Risk Assessment

Control	Name	TSA Pipeline SD References
RA-03	Risk Assessment	SD-1 Sec 3
RA-05	Vulnerability Scanning	SD-1 Sec 3SD-2 Sec DSD-2 Sec G
RA-07	Risk Response	SD-1 Sec 4

SA System and Services Acquisition

Control	Name	TSA Pipeline SD References
SA-08	Security Engineering Principles	SD-2 Sec F
SA-11	Developer Security Testing	SD-2 Sec G
SA-17	Developer Security and Privacy Architecture and Design	SD-2 Sec F
SA-22	Unsupported System Components	SD-2 Sec D

SC System and Communications Protection

Control	Name	TSA Pipeline SD References
SC-07	Boundary Protection	SD-2 Sec ASD-2 Sec F
SC-32	System Partitioning	SD-2 Sec ASD-2 Sec F
SC-46	Cross Domain Policy Enforcement	SD-2 Sec A
SC-48	Sensor Relocation	SD-2 Sec C

SI System and Information Integrity

Control	Name	TSA Pipeline SD References
SI-02	Flaw Remediation	SD-2 Sec D
SI-04	Information System Monitoring Tools And Techniques	SD-2 Sec C