The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with eight other national cyber agencies, has released a comprehensive “Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators.”
Published on August 13, 2025, this new guide equips critical infrastructure stakeholders—spanning energy, water and wastewater, manufacturing, and beyond—with best practices for developing and maintaining operational technology (OT) asset inventories and taxonomies.
Reinforcing Modern Defensible Architectures
CISA underscores that a thorough OT asset inventory is foundational to constructing a modern defensible architecture.
By cataloguing every control system, sensor, communication device, and associated hardware and software, owners and operators gain visibility into their networks’ attack surfaces.
The guide explains how an OT taxonomy—a structured classification system based on asset function and criticality—enables more efficient risk identification, vulnerability management, and incident response.
The guide outlines a clear five-step process:
- Define Scope and Objectives: Establish governance, assign roles,…
