CISA and UK NCSC Release Joint Guidance for Securing OT Systems

CISA, in collaboration with the Federal Bureau of Investigation, the United Kingdom’s National Cyber Security Centre, and other international partners has released new joint cybersecurity guidance: Creating and Maintaining a Definitive View of Your Operational Technology (OT) Architecture.

Building on the recent Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators, this guidance explains how organizations can leverage data sources, such as asset inventories and manufacturer-provided resources like software bill of materials to establish and maintain an accurate, up-to-date view of their OT systems.

A definitive OT record enables organizations to conduct more comprehensive risk assessments, prioritize critical and exposed systems, and implement appropriate security controls. The guidance also addresses managing third-party risks, securing OT information, and designing effective architectural controls.

Key recommendations include:

• Collaborating Across Teams: Foster coordination between OT and IT teams;
• Aligning with Standards: Follow international standards such as IEC 62443 and ISO/IEC 27001.

Organizations are encouraged to use this guidance to strengthen their OT security posture and reduce risks. For additional details, review the full guidance: Creating and Maintaining a Definitive View of Your Operational Technology (OT) Architecture