Introduction to OT Security Standards and Regulations

Course Information

  • Target Audience
    Leadership
  • Level
    100 | Introductory
  • Instructor
    Donovan Tindill
  • Duration
    2 hours
  • Course Code
    OTRC-0103
Who benefits?
  • Compliance officers
  • Auditors
  • OT security managers
  • Professionals responsible for industrial environments
Introduction to OT Security Standards and Regulations provides a comprehensive overview of cybersecurity standards, regulations, and compliance frameworks specific to operational technology and industrial control systems. Participants will gain an understanding of compliance frameworks such as NIST, ISA/IEC 62443, NERC CIP, and EU NIS2, as well as industry-specific regulations.

What's included?

  • 1 Module
  • Dynamic slide progression
  • 100 Questions
  • 15 Videos
Donovan Tindill
Founding Faculty, CambiOS Academy
25-year ICS/OT security expert

Course Overview

This course equips professionals with a working understanding of the global landscape of cybersecurity regulations, standards, and guidelines that apply to operational technology and industrial control systems. Students survey the structural distinctions among the three categories of guidance, identifying what makes an instrument legally enforceable, a consensus-driven technical standard, or a voluntary recommendation. From there, the course builds proficiency in the three frameworks that anchor most OT cybersecurity programs: the NIST Cybersecurity Framework, IEC 62443, and the Cybersecurity Capability Maturity Model. Coverage includes the framework cores, hierarchies, role applicability, and self-assessment methods that practitioners apply when planning, designing, and operating an industrial control system cybersecurity program.

The second half of the course turns from framework vocabulary to applied practice. Students work through multi-framework compliance scenarios, learning how to map requirements across instruments, build a traceability matrix, and leverage common controls when an organization must satisfy several regulations simultaneously. The final units distinguish technical security level from capability maturity level as two independent dimensions of a cybersecurity program, demonstrating how each is calibrated to facility risk and combined into a multi-year roadmap. Real-world applications include classifying any regulatory or standards reference an OT practitioner encounters, designing zones and conduits with appropriate security levels, performing a self-assessment with the Cybersecurity Capability Maturity Model, and constructing a calibrated cybersecurity roadmap across a multi-facility portfolio. The course prepares consultants, asset owners, integrators, and service providers to engage credibly with regulatory and standards work, supports career progression into OT cybersecurity leadership roles, and provides the vocabulary professionals need to communicate across regions, sectors, and roles in the industrial control system supply chain.