The United Kingdom’s National Cyber Security Centre, in partnership with the Cybersecurity and Infrastructure Security Agency, the FBI and other international partners, has published new joint guidance aimed at helping organizations secure their operational technology environments.
The document, titled “Creating and Maintaining a Definitive View of Your Operational Technology Architecture,” builds on the recent Foundations for OT Cybersecurity: Asset Inventory Guidance and provides actionable steps to strengthen defenses against cyberthreats, CISA said.
CISA is a DHS agency. Potomac Officers Club’s 2025 Homeland Security Summit offers an inside look at the latest programs, technologies and strategies shaping America’s defense against evolving threats. Register to be part of the homeland security conversation.
Table of Contents
Building a Definitive OT Record
The guidance emphasizes that a central, authoritative record of an organization’s OT architecture is essential for effective risk management. The record should incorporate data from multiple sources, including asset inventories, vendor documentation and software bills of materials, to ensure accuracy and visibility across systems. Maintaining the record allows operators to identify vulnerabilities, understand interdependencies and prioritize protections for the most critical and exposed assets.
Architectural Controls and Standards Alignment
According to the guidance, organizations should implement strong architectural controls such as segmentation, zoning and access restrictions to protect critical OT systems. The measures should align with international standards like International Electrotechnical Commission 62443 for industrial control system security and International Organization for Standardization/IEC 27001 for information security management.
The document also highlights the need to manage third-party and supply chain risks by integrating supplier-provided data and patching requirements into the OT record.
CISA and its partners note that OT security is not a one-time exercise. To remain effective, the definitive OT record must be continuously updated through configuration management, monitoring and change management processes.
The guidance recommends fostering collaboration between IT and OT teams to align governance, security policies and incident response procedures.
Enabling Risk Reduction and Resilience
By maintaining an accurate and comprehensive view of OT environments, organizations are meant to be able to conduct more thorough risk assessments, address cost asymmetries between threats and defenses, and implement security controls more effectively.
According to the guidance, establishing a definitive OT record is a critical step toward reducing risk and strengthening resilience. It urges operators to adopt a proactive approach to safeguarding systems that are essential to national infrastructure.
Related Articles
The U.S. Army has signed new rapid prototype other transactional authority, also known as OTA, agreements with General Dynamics Mission Systems and Pacific Defense to build a chassis that would enable soldiers to plug and play capabilities into military vehicles. Plug-and-Play Capabilities The technology is dubbed CMFF, which is short for Command, Control, Computers, Communications, Cyber, Intelligence, Surveillance and Reconnaissance/Electronic Warfare Modular Open Suite of Standards Mounted Form Factor. It offers both hardware and software designed to converge multiple legacy systems into one chassis in ground and aviation platforms. CMFF is equipped with power, networks and radio frequency to support
The National Oceanic and Atmospheric Administration has tapped Raytheon for a mission design and feasibility study on weather imagery capabilities under its Near Earth Orbit Network, or NEON, Stratus project. The company will conduct the Stratus critical design review study under an other transaction agreement NOAA signed with Raytheon valued about $5.9 million, the agency said Friday. Raytheon’s CDR study will focus on a U.S. Space Force design adapted to NOAA’s requirements for Stratus. Under NEON, low-Earth orbit environmental satellites will be launched for weather forecasting, environmental observation and public safety. The program also seeks to demonstrate faster data delivery
The Government Accountability Office has identified 44 previously issued recommendations that remain unresolved at the Office of the Director of National Intelligence. The congressional watchdog said in a report published Friday that addressing the open recommendations would improve workforce, intelligence enterprise, and infrastructure and facilities management. Hear from senior ODNI leaders at the Potomac Officers Club’s 2025 Intel Summit on Oct. 2. The in-person event will feature panels on commercial and emerging technologies and threats relevant to the IC. Attendees will also have opportunities to network with government and industry leaders. Secure your tickets to the highly anticipated event today!