
Helping OT Organizations to Establish Defensible Architecture and More Resilient Operations

Developed Through JCDC, CISA’s “Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators” is a Strategic Enabler for Cyber Defense Operations

By Clayton Romans, Associate Director for Joint Cyber Defense Collaborative 

In today’s increasingly interconnected industrial landscape, operational technology (OT) systems are no longer isolated islands of automation—they’re deeply entwined with information technology and business networks, making them prime targets for cyber threats. Recognizing this growing risk, the Cybersecurity and Infrastructure Security Agency (CISA) collaborated with three U.S. federal agencies and five international partners and received contributions from twelve private sector stakeholders to develop and publish “Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators.” This key resource helps owners and operators of OT systems create stronger, more secure infrastructures by building a clear inventory and classification of their assets. By identifying, organizing, and managing OT assets effectively, organizations can not only improve cybersecurity but also enhance operational reliability, safety, and resilience.

Created by Operators, for Operators

Through the Joint Cyber Defense Collaborative (JCDC), CISA collaborated closely with critical infrastructure owners, operators, and other stakeholders to identify systemic gaps and critical needs across the evolving cyber threat landscape, and to work hand-in-hand to co-develop effective and impactful solutions. This guide reflects the technical insights and real-world experiences of professionals who manage OT environments daily, capturing both operational realities and strategic foresight.

In eight focused working sessions, industry contributors played a central role in shaping the content, offering insights that are both practical and field-tested. Separate from these sessions, CISA coordinated technical reviews from industry, federal, and international stakeholders across multiple sectors to ensure the guidance is relevant and applicable. The result is a robust framework for building foundational asset inventories and taxonomies that are actionable and resilient.

What is an OT Asset Inventory?

An OT asset inventory is a dynamic list containing an updated map of the devices, systems, and software that make up the operational backbone of critical environments. From industrial control systems to sensors, Human-Machine Interfaces (HMIs), servers, and specialized applications, every component plays a role in the broader ecosystem. Without visibility into these assets, organizations are effectively operating without a full view of their potential vulnerabilities.

When implemented effectively, an asset inventory becomes more than a record; it’s a strategic tool. It helps organizations uncover interdependencies across their environment, assess risk, segment networks to limit or eliminate lateral movement, and strengthen overall resilience. Achieving that level of control is possible for operators nationwide, but it demands a disciplined, consistent approach to managing one’s environment. This guide helps organizations establish and maintain the appropriate discipline and consistency.

Why is This So Important Now?

In recent years, cyber incidents targeting OT environments have demonstrated just how damaging a lack of asset visibility can be. Attackers often exploit forgotten devices, outdated firmware, or weakly segmented networks to establish initial access, then move laterally across interconnected systems, compromising critical assets and disrupting core operations. 

An accurate and regularly maintained asset inventory closes those gaps by ensuring each component is known, categorized, assigned criticality, and protected according to its risk profile. While each operator should strive to collect every asset in their environment, they should start by prioritizing assets based on criticality and evolve the list continuously until a complete record is captured.

Moreover, an OT asset inventory is foundational for alignment with industry standards. Whether it’s NIST, IEC 62443, or sector-specific frameworks, most cybersecurity best practices begin with “know what you have.” Without this initial step, everything else—from vulnerability management to incident response—lacks the necessary visibility and structure to be effective.

From Inventory to Action

The real value of an OT asset inventory comes when it is integrated into daily operations. With an asset inventory, operators can:

  • Prioritize vulnerabilities based on criticality and exposure.
  • Detect unauthorized devices before they become attack vectors.
  • Support network segmentation efforts by mapping communication flows.
  • Enable incident response teams to act quickly and accurately.

Building Towards the Vision

Having a complete and accurate OT asset inventory is the essential first step toward building a defensible architecture and more resilient operations. CISA’s guidance makes that complex process clear and achievable, empowering organizations to take decisive action. 

More than just a technical manual, this guidance serves as a strategic enabler for cyber defense actions and operational collaboration with CISA and other key stakeholders. With a precise understanding of the assets within an operator’s infrastructure, Common Vulnerabilities and Exposures (CVEs) added to CISA’s Known Exploited Vulnerabilities Catalog or to stakeholder notifications and threat advisories become significantly more actionable and timely—helping operators reduce risk proactively, before incidents escalate.

To support this effort, CISA offers tools and resources, including MALCOLM for network traffic analysis, no-cost Cyber Hygiene vulnerability scanning, the Cyber Security Evaluation Tool (CSET), and cross-agency support to help validate and manage asset data. Additionally, CISA provides support through regional Protective Security Advisors (PSAs), Cyber Security Advisors (CSAs), Emergency Communications Coordinators (ECCs), and Chemical Security Inspectors (CSIs). Visit the CISA Regions webpage to contact the support personnel nearest to your location.

What’s Next?

Join us for a webinar on September 30, 2:00-3:00 p.m. ET where we will walk through this new guidance and share practical steps to develop an asset inventory for operators of all sizes across critical infrastructure sectors, with insights especially valuable for small- and medium-sized organizations. This event is open to the public and does not require registration in advance. Please share this event with any stakeholders in your networks who may be interested!

Explore more at CISA.gov/ics to strengthen your OT cybersecurity strategy from the ground up.