This document provides guidance to set-up and manage/update a cybersecure HBES/BACS connected to Internet. This document provides: 1) categories of HBES/BACS networks related to cybersecurity updates: managed networks; unmanaged networks; 2) risk analysis guide for the above-mentioned categories: at device level for both managed and unmanaged networks; at system level for managed ones only. For manufacturers, the document provides a classification based on the security levels from existing standards (ETSI EN 303 645, EN IEC 62443 (all parts)). For installers, system integrators and administrators of HBES/BACS this document provides guidance for each responsible actor, as listed below: system integrators and administrators: a generic method for assessment of the security risk for each product in the perspective of the overall system. The result of the evaluation gives the minimum required security level on product level corresponding to the manufacturer classification; best practice measures on the system security level; a guide to enhance the maturity level of the cyber security management process. installers, system integrators and administrators: a guide to select products to comply with the required security level during configuration and operation. In some commercial applications, dedicated standards can apply per country that are not covered by this document, e.g.: fire (e.g. detection, alarm); medical; security applications: Intruder alarms, video surveillance, access control; critical infrastructure; AAL (Active assisted living). For such applications not covered by this document the specification could be used as guidance.