CISA, in collaboration with the Federal Bureau of Investigation, the United Kingdom’s National Cyber Security Centre, and other international partners has released new joint cybersecurity guidance: Creating and Maintaining a Definitive View of Your Operational Technology (OT) Architecture.
Building on the recent Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators, this guidance explains how organizations can leverage data sources, such as asset inventories and manufacturer-provided resources like software bill of materials to establish and maintain an accurate, up-to-date view of their OT systems.
A definitive OT record enables organizations to conduct more comprehensive risk assessments, prioritize critical and exposed systems, and implement appropriate security controls. The guidance also addresses managing third-party risks, securing OT information, and designing effective architectural controls.
Key recommendations include:
- Collaborating Across Teams: Foster coordination between OT and IT teams;
- Aligning with Standards: Follow international standards such as IEC 62443 and ISO/IEC 27001.
Organizations are encouraged to use this guidance to strengthen their OT security posture and reduce risks. For additional details, review the full guidance: Creating and Maintaining a Definitive View of Your Operational Technology (OT) Architecture
