Building on the recent Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators, this guidance explains how organizations can leverage data sources, such as asset inventories and manufacturer-provided resources like software bill of materials to establish and maintain an accurate, up-to-date view of their OT systems.
A definitive OT record enables organizations to conduct more comprehensive risk assessments, prioritize critical and exposed systems, and implement appropriate security controls. The guidance also addresses managing third-party risks, securing OT information, and designing effective architectural controls.
Key recommendations include:
- Collaborating Across Teams: Foster coordination between OT and IT teams;
- Aligning with Standards: Follow international standards such as IEC 62443 and ISO/IEC 27001.
Organizations are encouraged to use this guidance to strengthen their OT security posture and reduce risks. For additional details, review the full guidance: Creating and Maintaining a Definitive View of Your Operational Technology (OT) Architecture
https://www.cisa.gov/news-events/alerts/2025/09/29/cisa-and-uk-ncsc-release-joint-guidance-securing-ot-systems