An industrial security policy configuration system generates and implements security policies for industrial automation systems based on design data for the industrial systems generated by device manufacturers, system integrators, original equipment manufacturers, or the owners of the industrial assets during the design of the industrial systems. the collected design data to a security rule set defining device-level communication privileges. The system translates the collected design data to a security rule set defining device-level communication privileges, which are then translated to a comprehensive set of security policies customized to the requirements of the industrial systems represented by the design data. By leveraging the rich set of available design data to identify or infer security requirements and generate suitable security configurations, the system can mitigate the need to manually configure security policies based on human judgments regarding normal and abnormal network traffic.