
Which Cybersecurity Standards should you follow, NIST or IEC, across U.S. critical infrastructure?

The choice between cybersecurity frameworks, IEC 62443 or NIST CSF and the related NIST standards (i.e. SP 800-82, SP 800-160, SP 800-161, SP 800-53), is all about knowing which standards will make their way into the laws and regulations that you and your company will need to follow. If you are subject to EU regulations, then you may choose to follow IEC 62443 standards. If you are located in the United States, then you may want to follow NIST cybersecurity standards, in preparation for regulations that adopt NIST standards, such as Executive Order 14028. Both the IEC and NIST cybersecurity frameworks are viable and effective recommendations to improve cybersecurity.

This is not a beauty contest between two viable and competent cybersecurity standards. The decision is about which cybersecurity standards to follow as you invest your cybersecurity budget in solutions, so that you avoid having to rip and replace those investments when future laws and regulations take effect. It all comes down to "which regulations will you need to follow": the answer will help you choose between these two excellent cybersecurity standards.