TSA Pipeline Security Directive SD-02D: The Engineering Work Operators Must Complete

12 hrs

TSA SD-02D deadline to report cybersecurity incidents to CISA after detection

TSA Security Directive Pipeline-2021-02D (the fourth revision, issued 2022) imposes mandatory cybersecurity measures on critical pipeline operators â€” owners of pipelines carrying natural gas, liquid petroleum products, and hazardous liquids. The directive requires network segmentation between OT and IT networks, access control measures for OT systems, continuous monitoring capabilities, and a Cybersecurity Incident Response Plan approved by CISA. The 12-hour incident reporting obligation to CISA is operationally demanding â€” most pipeline operators have never had a security operations centre capable of meeting it.

Full article content coming soon.

Compliance Engineering

The engineering behind this article is available as a service.

We have done this work — not advised on it, not reviewed documentation about it. If the problem in this article is your problem, the first call is with a senior engineer who has solved it.

Talk to an Engineer See Case Studies →

TSA Pipeline Security Directive SD-02D: The Engineering Work Operators Must Complete

EU AI Act: What CTOs Actually Need to Do Before August 2026

DORA Is Live. Here's What 'Operational Resilience' Means for Your Codebase

FedRAMP Rev 5: What Changed and Why Most Current ATO Holders Are Already Non-Compliant

The engineering behind this article is available as a service.