RRA Recertification Deadline: June 30, 2026 for water utilities serving 3,301–49,999 — days remaining EPA Enforcement: 70% of inspected water utilities found in active violation SCADA Alert: Iranian threat actors actively targeting water system PLCs New York Water Utilities: Three new state cyber rules now in effect Wastewater Operators: 24-hour incident reporting now mandatory in NY Penalty Exposure: $69,733 per day per SDWA §1433 violation Federal Reporting: CIRCIA 72-hour incident rule anticipated — final rule pending RRA Recertification Deadline: June 30, 2026 for water utilities serving 3,301–49,999 — days remaining EPA Enforcement: 70% of inspected water utilities found in active violation SCADA Alert: Iranian threat actors actively targeting water system PLCs New York Water Utilities: Three new state cyber rules now in effect Wastewater Operators: 24-hour incident reporting now mandatory in NY Penalty Exposure: $69,733 per day per SDWA §1433 violation Federal Reporting: CIRCIA 72-hour incident rule anticipated — final rule pending

One dashboard. Every requirement. Always certification-ready.

KORVA Sentinel is the ongoing compliance system that tracks AWIA §2013, SDWA §1433, CISA OT guidance, CIRCIA reporting, and every applicable state mandate — live, evidenced, and ready to hand an inspector at any time.

See Sentinel Pricing Visit securemywater.site
17
Federal & state
mandates tracked
24/7
Live evidence
tracking
AXIOM
AI advisor
included
RRA Recertification
Emergency Response Plan
SCADA Security
Incident Reporting
State Mandates
Wastewater Compliance
Vulnerability Assessment
EPA Inspection Ready

How It Works

Compliance you can actually operate.

Sentinel replaces the spreadsheet, the consultant, and the guesswork. Three steps from setup to audit-ready.

01
Profile

Map your system.

Connect your utility profile — system size, state, source type, existing documents. Sentinel builds your full mandate exposure map in under 10 minutes.

02
Track

Every deadline. One screen.

Live dashboard shows every active requirement — federal, state, and sector — with real deadlines, evidence status, and what needs action this week.

03
Stay Ready

Audit-ready. Always.

AXIOM guides you through compliance work as mandates evolve. Your evidence vault stays inspector-ready at all times — no scrambling before a visit.

Every mandate. Every deadline. One screen.

app.korva.systems · sentinel · tri-county-tx-0047
LIVE
Compliant
3
requirements met
Action Now
5
immediate
In Review
4
pending
Upcoming
5
90 days
Score
32%
posture
Compliance Posture
32 / 100
Requirement
Deadline
Status
Default Password Elimination
All OT/SCADA devices · CISA AA26-097A
IMMEDIATE
ACTION NOW
Risk & Resilience Assessment (RRA)
AWIA §2013 · 5-year cycle
JUN 30 2026
UPCOMING
Emergency Response Plan (ERP)
Within 6 months of RRA
DEC 31 2026
IN REVIEW
CIRCIA 72-Hour Incident Reporting
CISA · 6 U.S.C. §681b
Q4 2026
PENDING
OT/IT Network Segmentation
CISA · NIST CSF 2.0
ONGOING
COMPLIANT
— Actual product UI · Live data · AXIOM advisor embedded —

One system. Every mandate.

Sentinel maps the full regulatory topology — federal, state, sector, and insurer-driven — to your specific utility profile, then operationalizes the work.

5-year recertification, on autopilot.

Risk & Resilience Assessment and Emergency Response Plan tracking with deadline-aware certification workflow. Pre-mapped templates for systems under 50,000. EPA Administrator certification packet in minutes.

  • RRA template pre-populated for your size class
  • ERP must-update window tracked from RRA
  • Cyber, physical, chemical, financial scope
  • 5-year document retention, EPA-request ready
  • Signed certification with chain-of-authority
  • Wastewater (WWTP) voluntary parallel coverage
Authority · AWIA §2013 · SDWA §1433 · EPA Enforcement Alert 2024

Close the gaps EPA inspectors are finding.

Default password elimination. OT/IT segmentation. MFA on remote access. Asset inventory. ICS-CERT advisory tracking. Full WaterISAC Fundamentals coverage, mapped to your devices.

  • Device-by-device default credential remediation
  • Network segmentation architecture documentation
  • MFA enrollment tracking — staff & vendor
  • Asset inventory: PLCs, HMIs, RTUs, sensors
  • CISA Malcolm IDS integration guidance
  • 30-day patch cadence with audit log
Authority · CISA AA23-335A · AA26-097A · WaterISAC 12 Fundamentals · NIST CSF 2.0

72 hours. 24 hours. The clock starts whether you're ready.

Pre-built incident workflows with timestamped escalation, regulator-ready notice templates, and decision trees that walk you through "is this a covered incident?" in real time.

  • CIRCIA 72-hour covered incident workflow
  • Ransomware payment 24-hour separate report
  • NY DEC 24-hour oral / 30-day written
  • NY DOH 24-hour public health hazard
  • FBI IC3 + OFAC sanctions checklist
  • Forensic evidence with chain of custody
Authority · CIRCIA 2022 · 6 U.S.C. §681b · NY DEC · NY DOH

Your state's rules, plus the ones coming next.

New York's three-rule cyber stack. Indiana SEA 459. Texas TCEQ. New Jersey WQAA. Every active state mandate and every bill in committee — so you never get blindsided by a deadline.

  • NY DOH Appendix 5-E (community water >3,300)
  • NY DEC 6 NYCRR Parts 616/650/750 wastewater
  • NY PSC Part 1200 (water-works >50,001)
  • Indiana SEA 459 — annual CVA + biennial cert
  • Texas TCEQ 30 TAC §290.41 self-assessment
  • Legislative monitor — bills, drafts, comments
Authority · NYS DOH · NYS DEC · NYS PSC · IDEM · TCEQ

The compliance advisor on every question.

AXIOM is trained on the full federal and state water-cyber regulatory corpus — and on your specific utility profile. Ask anything in plain English. Get answers tied to your actual deadlines and your actual next move.

  • Plain-English explanation of any regulation
  • "What's at stake if I miss this deadline?"
  • Context-aware to your utility profile
  • Saves conversation history per requirement
  • Generates SOPs, policies, and templates
  • References federal & state statutes inline
Powered by · Anthropic · Claude

When EPA shows up, the file is ready.

Every artifact a regulator can ask for, organized, versioned, and producible in under five minutes. Asset inventories. Credential policies. Training records. Incident logs. Self-assessment forms. Certification packets.

  • Document version history with sign-off
  • 10-day NY PSC document production ready
  • 5-year retention auto-managed (AWIA)
  • Annual review attestation generator
  • Board / senior officer report exports
  • Audit packet — one-click compile & export
Authority · AWIA Retention · NY PSC Part 1200 · Indiana SEA 459

Built for America's water authority — community, non-community, and the systems Washington forgot.

Ready to see where your utility stands?

Start at securemywater.site See Sentinel Pricing Back to Overview