Overview

• On August 13, CISA and NSA released “Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators” with contributions from the FBI, EPA and six allied cyber agencies.
• The guidance outlines a standardized process for creating and maintaining taxonomy-based OT asset inventories to improve visibility and support risk identification, vulnerability management and incident response.
• Operators receive industry examples and asset fields tailored to sectors such as oil and gas, electricity and water to accelerate implementation of living inventories.
• Recommended practices align with Cross-Sector Cybersecurity Performance Goals and address heightened exposure as operational technology environments become more connected.
• Agencies emphasize that the document is voluntary best-practice guidance, not a new regulation, and will be updated regularly to reflect technological and adoption developments.