The Cybersecurity and Infrastructure Security Agency (CISA), along with the National Security Agency, the Federal Bureau of Investigation, Environmental Protection Agency, and several international partners, recently released comprehensive guidance to help operational technology (OT) owners and operators across all critical infrastructure sectors create and maintain OT asset inventories and supplemental taxonomies.
An asset inventory is a regularly updated, structured list of an organization's systems, hardware, and software. It includes a categorization system—a taxonomy—that classifies assets based on their importance and function. This guidance explains how OT owners and operators can create, maintain, and use asset inventories and taxonomies to identify and safeguard their critical assets.
Following this guidance, organizations may gain deeper insights into their architecture, optimize their defenses, better assess and reduce cybersecurity risk in their environments, and enhance incident response planning to ensure service continuity.
This guidance was developed to provide operational technology (OT) owners and operators across all critical infrastructure sectors with a systematic approach for creating and maintaining an OT asset inventory and supplemental taxonomy—essential for identifying and securing critical assets, reducing the risk of cybersecurity incidents, and ensuring the continuity of the organization's mission and services.
According to CISA, by following the outlined process, organizations can enhance their overall security posture, improve maintenance and reliability, and ensure the safety and resilience of their OT environments.
