Solicitar documento

Para descargar este documento debe ser miembro con acceso a entregables. Si ya es miembro, puede descargarlo desde nuestra plataforma NGLibrary.

Document request

If you are interested in this document, you can ask for it at info@cci-es.org or register freely in our platform as a member able to access to deliveries.

ICMS Guide for those responsible for building an Industrial Cybersecurity Management System

978-84-947727-5-7

This guide makes it possible to cover the scarcity of normative references that deal, in a particular way, with the management of cybersecurity in industrial automation and control systems. In it, new specific and differentiated guidelines have been developed for an effective, efficient and continuous treatment of the risks to the availability, integrity and confidentiality of the operations and information managed by such systems.

In addition, if you want to learn and put into practice the implementation of an Industrial Cybersecurity Management System, we encourage you to sign up for the practical workshop that CCI organizes: T04. Workshop on the Application of an Industrial Cybersecurity Management System. It is based on this document (which will be delivered at no additional cost as workshop documentation), during which the following topics will be addressed:

  • Scope of application of the ICMS
  • Overview of the guide and its controls
  • Domain 1: Definition of a strategy.
  • Domain 2: Industrial Cybersecurity Risk Management
  • Domain 3: Promotion of a culture of Industrial Cybersecurity
  • Domain 4: Establishment of cyber protection regulations
  • Domain 5: Guarantee of Resilience and continuity

For further information, please visit: https://www.cci-es.org/AplicationICMS

If you prefer a more complete training in which to put this document into practice together with other publications of relevant interest, we encourage you to enroll in the practical course that CCI organizes: C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control Systems).

Further information about this Course at: https://www.cci-es.org/CourseIACS

You can purchase this document on our NGLibrary
ES
20/09/2018
450€

Title

SG2CI: The operating system for the ICSO

07/07/2026

This guide presents the SG2CI, an industrial cybersecurity governance and management operating system that enables the ICSO to govern, coordinate, and evolve cybersecurity in a complex, interdependent, and changing industrial environment. SG2CI does not intend to replace standards such as IEC 62443, ISO 27001, or the NIST CSF 2.0. SG2CI is an evolution of SGCI, […]

DR2 MODEL. Decisions with Roles and Responsibilities

06/07/2026

This document analyzes the DR² Model from the Center for Industrial Cybersecurity, a framework designed to govern critical decision-making under uncertainty in IT/OT environments. Unlike classic models, this approach separates technical capability from the legitimacy to decide, directly linking authority to actual impact and the “pain” assumed. Through four fundamental states (M-I-D-E) and ten essential […]

Guide of interpretation of the ENS in the industrial operation

23/06/2026

This guide addresses the interpretation of the Esquema Nacional de Seguridad (ENS) in operational technology (OT) environments without altering regulations or introducing operational risks. It translates the ENS objectives into the physical and industrial reality, separating “what” the framework requires from “how” it is executed. It prioritizes availability and process integrity, validating the use of compensatory and organizational controls specific to the plant. […]

Industrial Cybersecurity Maturity Model and its MACIN Platform

09/06/2026

This document analyzes the Industrial Cybersecurity Maturity Model and its digital platform MACIN, developed by the Industrial Cybersecurity Center (CCI) in its 2026 edition. The model is specifically designed for OT environments and aligned with C2M2 v2.1, structuring itself into 10 domains, 45 objectives, and 175 practices evaluated through five maturity levels and four dimensions: processes, technology, people, and results.