The paper considers the formal hierarchical model of the (cyber)security policy for Instrumentation and Controls system (I&C) by use of an example of the digital upper unit level I&C system (UULS) of a nuclear power plant (NPP). Also in the paper we present a tool for fast prototyping and verification of the I&C security policy. The use case of the formal security model for the UULS security policy verification is presented and discussed. The relations and transfer of the access rights between the subjects and objects of the model are analyzed. The standard NPP UULS is characterized by the way of an example of the UULS developed at the Trapeznikov Institute of Control Sciences of the Russian Academy of Sciences.