In industrial control systems, the cybersecurity and cybersecurity measures are tightly bound to the technological and physical characteristic of a plant. It means that cybersecurity measures must be designed at the earliest stages of a control system lifecycle. The paper presents a method that implements the secure-by-design principle and provides conformance between target general cybersecurity requirements resulted from the risk assessment and the cybersecurity architecture of a designed system. The considered method uses graph models of both requirements and the architecture and gives the algorithms of mapping and comparison of the models. A criterion of proximity between two models is proposed. As an example, the paper describes cybersecurity architecture synthesis for a typical information channel in a instrumentation and control system.