Third-party access to OT, done right.
A two-part best-practice reference for vendor-neutral, defensible remote access to operational technology, mapped clause by clause to NIS2, BEK 260 and IEC 62443. Free to read. No form. No gate.
Published by BifrostConnect. Technical review by Mikael Vingaard, ICSRange.
Version 1.21 · June 2026 · Written for water, energy and industrial OT operators, and the partners who serve them.
Two parts, one reference.
Part 1 is the vendor-neutral framework. Part 2 maps each Part 1 control to a BifrostConnect deployment. Read either on its own, or both together.
OT Best-Practice Guide to 3rd Party Remote Access
The framework any defensible solution must satisfy: threat model, five core principles, four access scenarios, and a compliance crosswalk.
- Five core principles, anchored by the OT Island Principle and Zero Standing Privilege
- Four access patterns, by site scale and where the programming software runs
- Recommended first actions: what to change in the next 30 days
BifrostConnect Implementation Guide
The companion that maps each Part 1 control to a working architecture with Unified Out-of-Band Access™: product mapping, architecture and implementation hardening guidance.
- Three access methods: Direct Native Access, Direct Tunnel Access and Clientless Tunnel Access
- A concrete product mix for each of the four access scenarios
- Option for forced session recording, no matter where your programming licenses are located
OT initiates outbound.
OT never accepts inbound.
The OT Island Principle: the single operational rule every access pattern in the guide is built on, from the smallest waterworks to the largest grid operator.
Built around the regulations that matter.
Part 1 maps each control to the clauses your auditors and tender writers will ask about.
NIS2 Article 21
Technical and organisational measures, and third-party risk management.
BEK 260
Danish energy-sector resilience and emergency-preparedness requirements.
IEC 62443-2-4 / 3-3
Security programme and system requirements for industrial automation and control systems.
The full, control-by-control crosswalk is inside Part 1.
See the defensible pattern in action.
A 30-minute walkthrough of brokered, time-bound, fully audited third-party access to OT, without opening your network.
Sources
- NIS2 Directive (EU) 2022/2555 · eur-lex.europa.eu
- NIS 2-loven (the Danish NIS 2 Act), Act no. 1598 of 2024 (DK) · retsinformation.dk
- BEK 260: resilience and emergency preparedness in the energy sector (DK)
- IEC 62443-2-4, 62443-3-3, 62443-4-2 · ISA / IEC
- NIST SP 800-82r3, Guide to Operational Technology Security · csrc.nist.gov
- Full citation list with retrieval dates: inside both guides
Page references retrieved 2026-06-12. Guide content: v1.21, June 2026.
Where VPNs end, BifrostConnect.