In industrial control systems, the cybersecurity and cybersecurity measures are tightly bound to
the technological and physical characteristic of a plant. It means that cybersecurity measures must be
designed at the earliest stages of a control system lifecycle. The paper presents a method that implements
the secure-by-design principle and provides conformance between target general cybersecurity
requirements resulted from the risk assessment and the cybersecurity architecture of a designed system.
The considered method uses graph models of both requirements and the architecture and gives the
algorithms of mapping and comparison of the models. A criterion of proximity between two models is
proposed. As an example, the paper describes cybersecurity architecture synthesis for a typical information
channel in a instrumentation and control system.