Publications - Paper

Cyber security requirements of multi-operator IT/OT architectures based on NISTIR 7628 guidelines

This paper describes the methodology used to determine the security requirements to be applied to the extended IT/OT architecture of the OSMOSE project; the methodology follows and extends the NISTIR 7628 guidelines for achieving a secure architecture by design.

When an electrical system control architecture needs to be extended with new functionality, it is necessary to manage the cybersecurity consequences of design choices. Standards, methodologies and support tools can provide guidance early in the design stages, preventing costly corrective actions. This article describes the approach proposed in the European project OSMOSE (Optimal System-Mix Of flexibility Solutions for European Electricity). Within OSMOSE, a new Zonal Energy Management System (Z-EMS) is designed, which has to be integrated into a pre-existing monitoring and control architecture. This paper describes the methodology used to determine the cybersecurity requirements to be applied to the extended IT/OT control architecture resulting from the introduction of Z-EMS. Specifically, starting with the high-level architecture of the subsystems interacting with Z-EMS, a set of high-level cybersecurity requirements was determined by applying the NISTIR 7628 guidelines. Initially, the high-level architecture was specified and mapped onto the SGAM (Smart Grid Architecture Model) plane with the support of specific software tools, focusing on identifying the key subsystems involved in the major data exchanges. The subsystems were then associated with the actors identified by the NISTIR 7628 guidelines. In doing so, it was necessary to enrich some of the NISTIR actors with new interfaces, because those originally available were not adequate to represent the functionality of the subsystems in the updated architecture. The extensions were made by analogy with, and in accordance with, the NISTIR methodology.
