The Cybersecurity and Infrastructure Security Agency, in collaboration with the Federal Bureau of Investigation, the United Kingdom’s National Cyber Security Centre, and other international partners, released new Joint Cybersecurity Guidance: Creating and Maintaining a Definitive View of Your Operational Technology (OT) Architecture. |
Building on the recent Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators, this guidance explains how organizations can leverage data sources, such as asset inventories, and manufacturer-provided resources, such as software bill of materials , to establish and maintain an accurate, up-to-date view of their OT systems. |
A definitive OT record enables organizations to conduct more comprehensive risk assessments, prioritize critical and exposed systems, and implement appropriate security controls. The guidance also addresses managing third-party risks, securing OT information, and designing effective architectural controls. |
Key recommendations include: |
Collaborating Across Teams: Foster coordination between OT and IT teams; Aligning with Standards: Follow international standards such as IEC 62443 and ISO/IEC 27001. |
Organizations are encouraged to use this guidance to strengthen their OT security posture and reduce risks. For additional details, review the full guidance. |
To learn more about developing an OT Asset Inventory, attend CISA’s webinar on September 30 at 2:00 p.m. (ET). |