TSA Security Directive SD02E compliance refers to adherence with the cybersecurity mandates outlined in the U.S. Transportation Security Administration’s (TSA) Security Directive Pipeline-2021-02E, which applies to pipeline and liquefied natural gas (LNG) facility owners and operators. Issued under TSA’s regulatory authority over pipeline security, SD02E mandates specific cybersecurity performance goals and access control measures to protect critical transportation infrastructure from cyber threats.
SD02E was developed in response to the growing threat of cyberattacks targeting critical energy infrastructure, including the Colonial Pipeline ransomware attack in 2021. The directive replaces earlier TSA guidance with enforceable requirements focused on risk-based cybersecurity, access control, incident response, and resilience.
For covered entities, SD02E requires:
Operators must not only implement these controls but also submit cybersecurity implementation plans to the TSA and be prepared for audits or inspections. Failure to comply may result in regulatory enforcement actions.
Xona supports TSA SD02E compliance by delivering secure, auditable, and policy-driven remote access to critical systems, without the use of VPNs or exposed credentials. Its hardened access gateway enforces:
Xona also supports real-time supervision, session approval workflows, and seamless integration with SIEM and compliance systems enabling pipeline and transportation operators to meet SD02E technical requirements while maintaining operational continuity and safety.