A cybersecurity system for use in a process plant provides whitelisting of device specific and common practice HART read commands in process controllers and safety controllers to perform communications in a process plant that are very secure, but that still enable the implementation of advanced functionality provided in HART devices. A whitelist implementation application applies one or more whitelists in a security gateway device to determine if messages, such as HART messages, should be allowed or processed. A whitelist learning application automatically creates and configures whitelists, and a whitelist configuration application discovers Device Specific and Common Practice HART commands by issuing device description requests to specific devices, parsing the response, and communicating the whitelist configuration information with the parsed command types to the relevant process controllers and safety controllers for use in the whitelists. A user interface enables users to interact with and guide the configuration process.