Cybersecurity & Guidance

AWWA Resources on Cybersecurity 

Cybersecurity is the top threat facing business and critical infrastructure in the United States, according to reports and testimony from the Director of National Intelligence, the Federal Bureau of Investigation and the Department of Homeland Security. All water systems should act to examine cybersecurity vulnerabilities and develop a cybersecurity risk management program.

Related Resources

Risk & Resilience


Cybersecurity Guidance & Tool

AWWA’s Cybersecurity Guidance and supporting Use-Case Tool were specifically developed to provide a voluntary, sector-specific approach to support implementation of applicable controls in the NIST Cybersecurity Framework. The Guidance and Use-Case Tool have been recognized by USEPA, DHS, NIST and several states for aiding water systems in their prioritization of controls necessary to manage cybersecurity risks.

The NIST Cybersecurity Framework was created in response to Executive Order 13636 - Improving Critical Infrastructure Cybersecurity. In addition, America’s Water Infrastructure Act of 2018, requires all community water systems serving more than 3,300 to conduct a risk and resilience assessment that must consider cybersecurity threats.

Cybersecurity requires a commitment to action as part of an all-hazards risk management strategy as recommended in ANSI/AWWA G430: Security Practices for Operations and Management. The AWWA Cybersecurity Guidance & Use-Case Tool are living documents, and it is expected that further revisions and enhancements will be implemented based on input from users.

Email comments and questions about the guidance and/or use-case tool.



Didn't find what you are looking for? Please contact us at