Cyber-physical systems (CPSs) couple their cyber and physical parts to provide mission-critical services, including automated pervasive health care, smart electricity grid, green cloud computing, and surveillance with unmanned aerial vehicles (UAVs). CPSs can use the information available from the physical environment to provide such ubiquitous, energy-efficient and low-cost functionalities. Their operation needs to ensure three key properties, collectively referred to as S3: 1) safety: avoidance of hazards; 2) security: assurance of integrity, authenticity, and confidentiality of information; and 3) sustainability: maintenance of long-term operation of CPSs using green sources of energy. Ensuring S3 properties in a CPS is a challenging task given the spatio-temporal dynamics of the underlying physical environment. In this paper, the formal underpinnings of recent CPS S3 solutions are aligned together in a theoretical framework for cyber-physical interactions, empowering CPS researchers to systematically design solutions for ensuring safety, security, or sustainability. The general applicability of this framework is demonstrated with various exemplar solutions for S3 in diverse CPS domains. Further, insights are provided on some of the open research problems for ensuring S3 in CPSs.