IEC 62443 · Purdue

RAMPART

Describe your zones and what's in them. Rampart writes the deny-by-default segmentation policy — as real firewall rules.

Start from a template
Zones + add zone
Derives the conduits your assets need, applies Purdue/62443 boundary rules, and flags anything unsafe.
Conduit matrix · source → destination
allowed allowed · review violates boundary denied (default)
Allowed conduits

    
Findings
Deny-by-default. Rules are a reviewed starting point — validate against your process before deploying. Part of the GNSAC OT toolkit.