As part of a new National Cybersecurity Strategy, EPA issued a memorandum and guidance directing Safe Drinking Water Act state primacy agencies to assess cybersecurity resilience of public water systems (PWSs). The memorandum incorporates cybersecurity into primacy agency sanitary survey programs. EPA is describing this instruction as mandatory. When a primacy agency identifies a significant cybersecurity deficiency during a sanitary survey the agency is instructed to use its authority to require the PWS to address the deficiency. AWWA and partner associations have long recognized the importance of cybersecurity and collectively taken actions to support improvements in the water sector. The sector associations as well as associations representing local government have consistently opposed this regulatory approach. Members should be aware that statements implying that this framework was developed in collaboration with the water sector are misleading and that state primacy agencies have also opposed this action. As EPA is issuing an interpretation of primacy agency obligations without a formal rulemaking process, it is not clear how individual states will respond. States are in a challenging position given the interpretation is effective immediately. Guidance for states just opened for public comment and detailed training on cybersecurity for states is still being scheduled. AWWA will collaborate with partner associations to review EPAs memorandum and supporting materials and urges water systems to engage their primacy agency to understand how it will respond to this directive. Water systems that have not already done so can leverage AWWA’s guidance and assessment tool , which includes small systems guidance , to advance their cybersecurity preparedness. EPA’s press release on this guidance is already appearing in national media outlets. Systems should be prepared to respond to media inquiries regarding the state of their cybersecurity preparedness. Questions can be directed to Kevin Morley , AWWA’s federal relations manager.