One of the biggest challenges our customers face is regulatory compliance. Over the past few years, the U.S. Transportation Security Administration (TSA) has introduced cybersecurity requirements aimed at protecting critical infrastructure for both ground and air transportation. These mandates apply to airports, airlines, freight systems, and ancillary suppliers across the transportation sector, driving nationwide implementation efforts. There has been a renewed announcement for pipeline owners and operators

This amendment emphasizes that TSA-regulated entities should take action to improve their cybersecurity resilience and prevent disruption and degradation to their infrastructure.   

Having worked closely with transportation security leaders, I can tell you these mandates are more than a compliance checkbox. They’re driving a fundamental shift in how organizations protect critical operational technology (OT) in aviation. 

What are the major cybersecurity requirements of the TSA mandates?

TSA’s requirements are clear and non-negotiable. These requirements are part of emergency actions implemented to address persistent cybersecurity threats against U.S. critical infrastructure, including the aviation sector. The new emergency amendment requires the following actions: 

  1. Develop network segmentation policies and controls to ensure that operational technology systems can continue to safely operate in the event that an information technology system has been compromised, and vice versa; 
  1. Create access control measures to secure and prevent unauthorized access to critical cyber systems; 
  1. Implement continuous monitoring and detection policies and procedures to defend against, detect, and respond to cybersecurity threats and anomalies that affect critical cyber system operations; and 
  1. Reduce the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers and firmware on critical cyber systems in a timely manner using a risk-based methodology. 

The challenge isn’t just understanding these requirements — it’s implementing them across complex aviation environments. In an industry where every minute of downtime can cost millions, execution must be seamless. 

Why existing IT and OT security tools fall short of TSA’s requirements 

Having worked extensively with customers managing highly complex environments, including aviation and transportation, I’ve noticed recurring challenges. Traditional tools are great at managing IT devices through endpoint detection and response (EDR) or device management, but IoT and OT assets, which are critical to operations, often fall outside the scope of these tools. 

Here’s the issue: partial visibility isn’t enough. TSA’s mandates go beyond visibility, requiring actionable steps like access controls, network segmentation, and updates. Without complete insights and without relevant, accurate context, taking these actions becomes inefficient and error-prone. 

What capabilities do you need to meet TSA’s security requirements? 

While some of the existing tools can help facilitate these actions, they often lack sufficient context to make reliable decisions. Additionally, configuration across multiple layers relies on manual processes. For organizations managing sprawling and complex environments, that’s not scalable. 

So, what do you need to succeed? Drawing from years of helping security leaders meet similar requirements, here’s where to focus: 

Clean, actionable, asset intelligence on all OT and IT devices 

When you’re looking at a solution to help identify and analyze all your assets, having reliable and accurate data is critical. When data is presented, it must come with explainability on which data source contributed to an asset’s attributes and how one can prioritize these input feeds. Here are some ways to understand the analytics behind the system that pulls all the data into a single seamless asset data lake. 

  • Which API contributed to what pieces of data? How reliable is the API data? How do we discover assets that do not have APIs? How do we discover assets that are absent from the traffic flow because they are remote or sit in a part of the network where traffic-based analysis is not possible?  
  • How does the correlation process work? Which methods go into de-duplication of data? Which methods go into prioritization of data fields or accurately identifying the context? Which methods go into accurately identifying the device type using classification techniques that leverage crowd-sourced data?  
  • How do we model the device with respect to its traffic characteristics? To assets of similar type? To its external communication patterns, including connections to various websites and to low-reputation or command-and-control sites? 

Complete, clean, accurate and highly correlated asset intelligence without duplicates is foundational. Without it, you can’t implement access controls, enforce policies, or segment networks effectively. 
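To make the correlation questions above concrete, here is an added example (not ORDR’s code or data model) that merges records for the same device from several constructed feeds, picks each attribute by a per-field source precedence, and records which source supplied each value. The source names, field names and sample records are assumptions.

```python
"""Correlate asset records from several sources into one de-duplicated record
per device, keeping provenance for every attribute (added example; source
names, fields and records are constructed, not ORDR's data model)."""
from collections import defaultdict

# Source precedence per attribute: the earliest listed source wins a conflict.
# Assumption: the NAC holds authoritative identity, the EDR knows the OS, and
# passive traffic analysis is the fallback that covers unmanaged OT/IoT devices.
PRIORITY = {
    "hostname": ["nac", "edr", "traffic"],
    "os": ["edr", "nac", "traffic"],
    "device_type": ["traffic", "nac", "edr"],
    "ip": ["traffic", "nac", "edr"],  # the sensor sees the live address
}

def correlate(records):
    """Merge raw records keyed on MAC address into
    {mac: {"attrs": {...}, "provenance": {attr: source}, "sources": [...]}}.
    MACs are normalised so 'AA:BB:..' and 'aa-bb-..' collapse into one asset."""
    by_mac = defaultdict(list)
    for rec in records:
        by_mac[rec["mac"].lower().replace("-", ":")].append(rec)
    assets = {}
    for mac, recs in by_mac.items():
        attrs, provenance = {}, {}
        for attr, order in PRIORITY.items():
            # records that actually carry this attribute, best source first
            ranked = sorted((r for r in recs if r.get(attr)),
                            key=lambda r: order.index(r["source"]))
            if ranked:
                attrs[attr] = ranked[0][attr]
                provenance[attr] = ranked[0]["source"]
        assets[mac] = {"attrs": attrs, "provenance": provenance,
                       "sources": sorted({r["source"] for r in recs})}
    return assets

# Constructed feed: one baggage-handling PLC seen by two tools (with differing
# MAC formatting and IP), plus a managed workstation seen only by the EDR.
SAMPLE = [
    {"source": "nac", "mac": "AA:BB:CC:00:00:01", "hostname": "bhs-plc-01",
     "ip": "10.20.1.15", "device_type": "unknown"},
    {"source": "traffic", "mac": "aa-bb-cc-00-00-01", "ip": "10.20.1.17",
     "device_type": "plc"},
    {"source": "edr", "mac": "AA:BB:CC:00:00:02", "hostname": "ops-ws-07",
     "os": "Windows 11", "ip": "10.20.5.40"},
]
```

The provenance map is what lets an operator answer "which feed said this was a PLC?" before a policy is built on that attribute.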

Deep integrations with network access controls (NACs) and firewalls 

It’s not enough to simply do “swivel chair” policy enforcement. Ultra-complex environments like airports and airlines in particular require tight integration with enforcement solutions like firewalls and network access control (NAC). 

For example, you should be able to understand the traffic flows of your OT and IT devices and push policies at the firewall, on a per-group basis, defining which traffic is allowed to the internet and what to block. This has to be dynamic, because new devices join the network and existing ones move about, potentially changing their IP addresses. 

True automation that works across your infrastructure 

With deep integration in place, you can implement policies at scale. This requires the ability to orchestrate policies across multiple firewalls, including API calls that inject asset context to form business-relevant address groups. In a typical airline with a presence in hundreds of airports, this becomes a hugely complex undertaking if automation is not put to good use. 

The idea is to take an infrastructure-as-code approach and reduce day-to-day maintenance on the teams that operate these systems.  
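As an added example of the infrastructure-as-code approach described in this section (not ORDR’s implementation or any vendor’s API), the code below derives business-relevant address groups from an asset inventory, computes the minimal change set for each firewall, and pushes the same desired state to all of them so that a device changing IP address is handled idempotently. The inventory, site names and the in-memory firewall client are constructed assumptions.

```python
"""Derive firewall address groups from asset intelligence and reconcile them
against each firewall's current state, infrastructure-as-code style (added
example; inventory, sites and the in-memory firewall are constructed stand-ins)."""
from collections import defaultdict

def desired_groups(assets):
    """One business-relevant group per (site, device_type), e.g. 'LAX-plc',
    holding the members' current IPs as reported by asset intelligence."""
    groups = defaultdict(set)
    for a in assets:
        groups[f"{a['site']}-{a['device_type']}"].add(a["ip"])
    return dict(groups)

def reconcile(desired, current):
    """Minimal change set from `current` to `desired`: {group: {"add", "remove"}}.
    Groups that lost all members are emptied, not deleted, so referencing policies stay valid."""
    changes = {}
    for name in set(desired) | set(current):
        want, have = desired.get(name, set()), current.get(name, set())
        if want != have:
            changes[name] = {"add": want - have, "remove": have - want}
    return changes

class InMemoryFirewall:
    """Stand-in for a vendor API client; a real one would issue address-group calls plus a commit."""
    def __init__(self, name, groups):
        self.name = name
        self.groups = {g: set(ips) for g, ips in groups.items()}
    def apply(self, changes):
        for g, delta in changes.items():
            members = self.groups.setdefault(g, set())
            members -= delta["remove"]
            members |= delta["add"]
        return changes

def orchestrate(assets, firewalls):
    """Push one desired state to every firewall; idempotent on re-run."""
    desired = desired_groups(assets)
    return {fw.name: fw.apply(reconcile(desired, fw.groups)) for fw in firewalls}

# Constructed inventory: the PLC's DHCP lease changed and a new camera appeared
INVENTORY = [
    {"site": "LAX", "device_type": "plc", "ip": "10.20.1.17"},
    {"site": "LAX", "device_type": "camera", "ip": "10.20.3.8"},
]
# Constructed firewall state: one firewall still holds the PLC's old address
FIREWALLS = [
    InMemoryFirewall("lax-fw-1", {"LAX-plc": {"10.20.1.15"}}),
    InMemoryFirewall("lax-fw-2", {}),
]
```

Running `orchestrate(INVENTORY, FIREWALLS)` twice shows the point: the first run swaps the stale PLC address and creates the camera group on both firewalls, the second run produces an empty change set.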

What’s my path forward to comply with TSA’s cybersecurity requirement? 

For transportation security leaders, or anyone managing complex environments, meeting requirements like the TSA mandates may feel daunting, but it doesn’t have to be. 

The key is to look beyond solutions focused solely on visibility. Compliance requires actionable insights, deep integration and enforcement automation with tools like firewalls and NAC, and scalable workflows. 

If you’d like to learn more about how we’re helping organizations meet these challenges, I highly recommend checking out ORDR’s technical whitepaper written by my colleague Craig Hyps, or reaching out to start a conversation with us. 
