- Project Name:
- TSA Audit
- Project Details:
- Country:
- USA
- Location in Country:
- East Midlands
- Start Date:
- 2022-01
- Duration:
- 6 Months
- Professional Resources:
- 1
Business Objectives 
Our Role 
Results - Audit completed with recommendations to close gaps submitted
- Met with TSA auditors and explained security controls in place in lieu of TSA requirements
- Mediated between client and regulator dates and progress for gap action closure
- In response to the Colonial Pipeline ransomware cyberattack in May 2021, the US Cybersecurity Infrastructure and Security Agency (CISA) issued a directive for all oil and gas operators with pipelines to implement a set of IT and OT security requirements in their organizations. This was implemented through the US Transportation Security Agency (TSA) and was title TSA D1 and D2
- Conduct an independent internal audit of the client’s implementation and compliance to the described set of requirements in the TSA directives. Conduct a Validated Architecture Review (VADR) on a sample of the process control networks within the pipeline operator’s infrastructure to prove the necessary segmentation as per the Purdue Model. Ensure any gaps are identified and the client has a comprehensive risk action plan in place to resolve or alternate mitigating measures in place.