ShipCalculators.com

ISO/IEC 27019

Definition

Information security for process-control systems in the energy-utility industry, with controls that carry over to shipboard and port OT.

ISO/IEC 27019 gives information-security guidance for process-control systems in the energy-utility industry, extending the ISO/IEC 27002 controls to the operational-technology environment (SCADA, PLCs, and instrumentation). The current edition is ISO/IEC 27019:2017. Although written for energy producers and grid operators, its treatment of control-system segmentation, access control, and patch handling maps onto shipboard and port OT, so maritime cyber programs reference it alongside IEC 62443 when securing engine, cargo, and navigation control networks. It pairs with ISO/IEC 27001 as the management-system frame and IEC 62443 as the industrial-control baseline.

Source: ISO/IEC 27019:2017 Information security controls for the energy utility industry