Contact Us
Contact Us
Login
INSIGHTS

TSA Pipeline Compliance

Dragos provides OT-native technology and services to help pipeline operators exceed TSA Security Directive Pipeline-2021-02F requirements.

Critical Cyber Systems & Network Segmentation
Meet TSA requirements III.A and III.B with comprehensive asset visibility and inventory, network segmentation validation, and crown-jewel identification. Dragos Platform provides real-time visibility into critical systems and validates segmentation policies across OT networks — ensuring your infrastructure meets regulatory standards and operational security needs.
Insights TSA Compliance Point 1
Continuous Monitoring & Threat Detection
Address TSA requirements III.C and III.D with intelligence-driven threat detection, secure access controls, and continuous OT network monitoring. Detect VOLTZITE, CHERNOVITE, and other pipeline-targeting adversaries before they impact critical operations. Our platform delivers real-time visibility without disrupting processes.
Insights TSA Compliance Point 2
Vulnerability Management & Incident Response
Fulfill TSA requirement III.E with risk-based vulnerability management and comprehensive incident response planning. Prioritize patches based on exploitability and operational impact and maintain incident response capabilities tested against real-world scenarios. Our approach balances urgency with operational continuity to ensure TSA pipeline compliance.
TSA Pipeline Infographic Asset Thumbnail
Infographic
TSA Pipeline Security At-a-Glance
Get a visual guide to TSA Security Directive Pipeline-2021-02F compliance. See how our OT-native platform, threat intel, and services help pipeline operators defend against nation-state and ransomware threats.
DOWNLOAD NOW
Related Resources
Threat Intelligence & Hunting Blog Hero
Blog
Top 5 Cybersecurity Threats to Oil & Gas, and How to Protect Against Them
December 30, 2024 02:45 PM
5 min read
Dragos, Inc.
infographic
Oil & Gas Cybersecurity: Intelligence-Driven Cyber Defense Strategy
Get this easy-to-share infographic with insights on threats to OT with data on cybersecurity gaps in the oil and gas sector from Dragos Professional Services engagements in 2023.
September 12, 2025 12:40 PM
Press Release
Dragos and the ONG-ISAC Announce Joint Initiative to Bolster Security of ICS/OT in the Oil and Natural Gas Sector
Dragos partners with ONG-ISAC to enhance ICS/OT cybersecurity for the oil and natural gas sector, providing advanced protection against industrial threats.
September 16, 2021 08:00 AM
4 min read
Secure Partner Ecosystem
  • 150 BW_partner_logos_carousel-emerson.webp
  • 150 BW_partner_logos_carousel-macnica.webp
  • 150 BW_partner_logos_carousel-aws.webp
  • 150 BW_partner_logos_carousel-crowdstrike.webp
  • 150 BW_partner_logos_carousel-servcicenow.webp
  • 150 BW_partner_logos_carousel-fortinet.webp
  • 150 BW_partner_logos_carousel-yokogawa.webp
  • 150 BW_partner_logos_carousel-guidepoint.webp
  • 150 BW_partner_logos_carousel-accenture.webp
  • 150 BW_partner_logos_carousel-RA.webp
  • 150 BW_partner_logos_carousel-microsoft.webp
  • 150 BW_partner_logos_carousel-carahsoft.webp
  • 150 BW_partner_logos_carousel-site.webp
  • 150 BW_partner_logos_carousel-sel.webp
  • 150 BW_partner_logos_carousel-shi.webp
  • 150 BW_partner_logos_carousel-ge.webp
  • 150 BW_partner_logos_carousel-splunk.webp
  • 150 BW_partner_logos_carousel-optiv.webp
FAQ

TSA Security Directive Pipeline-2021-02F, effective May 3, 2025, requires owners/operators of TSA-designated critical pipeline systems notified before July 26, 2022, to implement cybersecurity measures protecting critical cyber systems from malicious intrusions, ensuring TSA pipeline security directive adherence.

The directive requires: identifying Critical Cyber Systems, implementing network segmentation, establishing access controls with MFA, continuous monitoring and detection, risk-based vulnerability management, cybersecurity incident response planning, and regular cybersecurity assessments, as per TSA pipeline security guidelines.

Dragos Platform provides comprehensive asset visibility and inventory across OT/IT/IoT systems through passive discovery and active validation. We help identify crown-jewel systems, map communication pathways, and provide continuous asset inventory updates required by the directive.

Pipeline operators face sophisticated threats from nation-state actors like VOLTZITE (targeting 23 pipeline operators), ICS-specific malware like CHERNOVITE’s PIPEDREAM, and increasing ransomware attacks. The sector experienced 44 documented ransomware incidents in 2024.

Our platform provides OT-native monitoring with deep packet inspection, intelligence-driven threat detection mapped to MITRE ATT&CK for ICS, and behavioral analysis specifically designed for pipeline operations without disrupting critical processes, ensuring compliance with the TSA pipeline security directive.

Yes, through NP-View network validation tools that map configurations,identify segmentation gaps, verify firewall rules, and provide assurance around network architecture. We help validate that segmentation policies effectively protect Critical Cyber Systems.

Our platform correlates vulnerabilities to asset inventories, recalculates risk scoring based on exploitability and operational criticality, provides “Now, Next, Never” prioritization guidance, and streamlines patching workflows for pipeline environments.

The renewal to Pipeline-2021-02F maintains all existing requirements, emphasizing that these are ongoing obligations, not one-time implementations. Organizations must continuously maintain and improve their Cybersecurity Implementation Plans, ensuring consistent TSA pipeline security directive adherence.
CTA Pattern Background Dot Mesh
See the Dragos Platform in Action
Take the next step to protect your ICS environment now with a free demo.
REQUEST PLATFORM DEMO