June 30, 2026 · — days remaining
Cybersecurity Compliance · Water Utilities

The compliance
command center
water utilities needed.

AWIA §2013, EPA SDWA §1433, CISA OT, CIRCIA, and every active state mandate — tracked, evidenced, and certifiable. Includes the Banana Translation feature that turns regulatory language into plain English your entire team can actually use.

Launch KORVA Sentinel See Pricing
$250
Risk Snapshot
starting price
17
Federal & state
mandates tracked
24h
Risk Snapshot
turnaround
app.securemywater.site · compliance dashboard
LIVE
Requirement
Deadline
Status
Default Password Elimination
All OT/SCADA · CISA AA26-097A
IMMEDIATE
ACTION NOW
AWIA RRA Recertification
AWIA §2013 · 5-year cycle
JUN 30 2026
UPCOMING
Emergency Response Plan
Within 6 months of RRA
DEC 31 2026
IN REVIEW
CIRCIA 72-Hour Reporting
CISA · 6 U.S.C. §681b
Q4 2026
PENDING
OT/IT Network Segmentation
CISA · NIST CSF 2.0
ONGOING
COMPLIANT
The Banana Feature

Regulatory language.
Translated.

One click on the banana icon and every regulation on screen converts from legalese into plain English that operators, board members, and GMs can actually act on. No training manual required.

This is the strategic moat that makes KORVA Sentinel different from every other compliance tool on the market. Competitors sell to procurement. We speak operator.

AWIA §2013 — RRA Requirements
🍌 Operator Mode
RequirementWhat it means
Risk and Resilience Assessment certification A written certification to the EPA Administrator of the completion of a risk and resilience assessment under §1433(a). You fill out the RRA paperwork and tell EPA you did it. EPA doesn't take the doc — just the sign-off that says it's done.
Cybersecurity risk coverage Assessment shall include risks to the cybersecurity of the system, including electronic, computer, or other automated systems utilized by the system. Your SCADA, PLCs, HMIs, and any computer that runs your water system needs to be in the assessment. That includes the laptop your vendor uses to log in remotely.
Emergency Response Plan integration The ERP shall be updated to reflect findings of the assessment and certified within 6 months of RRA completion. After you finish the RRA, you have 6 months to update your emergency plan to match. If your RRA is June 30, your ERP is due December 31.
Civil penalty exposure Violation of §1433 may result in civil penalties under SDWA §1414 not to exceed the maximum penalty per day of violation. If you miss the deadline or certify something false, EPA can charge you $69,733 per day — starting from the date you were supposed to comply.
Platform Features

Everything a water utility
needs to stay compliant.

5-year recertification, on autopilot.

Risk & Resilience Assessment and Emergency Response Plan tracking with deadline-aware certification workflow. Pre-mapped templates for systems under 50,000. EPA certification packet in minutes.

  • RRA template pre-populated for your size class
  • ERP update window tracked from RRA completion
  • Cyber, physical, chemical, financial scope coverage
  • 5-year document retention, EPA-request ready
  • Signed certification with chain-of-authority
  • Wastewater voluntary parallel coverage
Authority · AWIA §2013 · SDWA §1433 · EPA Enforcement Alert 2024

Close the gaps EPA inspectors find.

Default password elimination. OT/IT segmentation. MFA on remote access. Asset inventory. ICS-CERT advisory tracking. Full WaterISAC Fundamentals coverage, mapped to your devices.

  • Device-by-device default credential remediation
  • Network segmentation architecture documentation
  • MFA enrollment tracking — staff & vendor
  • Asset inventory: PLCs, HMIs, RTUs, sensors
  • CISA Malcolm IDS integration guidance
  • 30-day patch cadence with audit log
Authority · CISA AA23-335A · AA26-097A · WaterISAC 12 Fundamentals · NIST CSF 2.0

Your state's rules, plus the ones coming next.

NY DOH Appendix 5-E. NY DEC 6 NYCRR. NY PSC Part 1200. Indiana SEA 459. Texas TCEQ §290. Every active state mandate and every bill in committee — so you're never blindsided.

  • NY DOH Appendix 5-E (community water >3,300)
  • NY DEC 6 NYCRR Parts 616/650/750 wastewater
  • NY PSC Part 1200 (water-works >50,001)
  • Indiana SEA 459 — annual CVA + biennial cert
  • Texas TCEQ 30 TAC §290.41 self-assessment
  • Legislative monitor — bills, drafts, comments
Authority · NYS DOH · NYS DEC · NYS PSC · IDEM · TCEQ

72 hours. 24 hours. The clock starts whether you're ready.

Pre-built incident workflows with timestamped escalation, regulator-ready notice templates, and decision trees that walk you through "is this a covered incident?" in real time.

  • CIRCIA 72-hour covered incident workflow
  • Ransomware payment 24-hour separate report
  • NY DEC 24-hour oral / 30-day written
  • NY DOH 24-hour public health hazard notice
  • FBI IC3 + OFAC sanctions checklist
  • Forensic evidence with chain of custody
Authority · CIRCIA 2022 · 6 U.S.C. §681b · NY DEC · NY DOH

The compliance advisor on every question.

AXIOM is trained on the full federal and state water-cyber regulatory corpus — and on your specific utility profile. Ask anything in plain English. Get answers tied to your actual deadlines.

  • Plain-English explanation of any regulation
  • "What's at stake if I miss this deadline?"
  • Context-aware to your utility profile
  • Saves conversation history per requirement
  • Generates SOPs, policies, and templates
  • References federal & state statutes inline
Powered by · Anthropic · Claude API

When EPA shows up, the file is ready.

Every artifact a regulator can ask for — organized, versioned, and producible in under five minutes. Asset inventories. Credential policies. Training records. Certification packets.

  • Document version history with sign-off
  • 10-day NY PSC document production ready
  • 5-year retention auto-managed (AWIA)
  • Annual review attestation generator
  • Board / senior officer report exports
  • Audit packet — one-click compile & export
Authority · AWIA Retention · NY PSC Part 1200 · Indiana SEA 459
Pricing

Three layers.
One path to compliant.

Start where you are. Diagnose, plan, then run the system that keeps you compliant every cycle.

Layer 01 · Diagnose
AI Risk Snapshot
$250ONE-TIME

Know exactly where you stand against every federal and state mandate that applies to your utility — in 24 hours, without a consultant.

  • Gap detection across all applicable mandates
  • Deadline exposure timeline
  • Plain-English findings report
Buy Now →
Layer 03 · Operate
Ongoing Compliance System
from $750/MONTH

Live evidence tracking, vendor risk monitoring, incident-readiness workflows, and AXIOM AI advisor — keeping you compliant on every cycle.

  • Sentinel Lite $750/mo · small systems
  • Sentinel $1,500/mo · AWIA-mandated utilities
  • Sentinel Plus · large authorities, custom
  • AXIOM AI advisor included at every tier
Subscribe →
Best for June 2026
AWIA Bundle
$3,500ONE-TIME

Layers 01 + 02 packaged for the June 30 recertification deadline. Self-service or add a licensed PE seal.

  • Risk Snapshot + Implementation Plan
  • AWIA-formatted RRA & ERP deliverables
  • PE-sealed option available from $15,000
Get the Bundle →