The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), together with international cyber security partners, has released new guidance on creating and maintaining a definitive view of your organisation’s operational technology (OT) architecture.
As OT systems become more connected and exposed to external services, having a clear and accurate understanding of your OT architecture is essential for effectively managing cyber security risks to your organisation.
Whether you're managing legacy systems or deploying new ones, this guidance provides 5 key principles for how organisations should build, store, and maintain a clear understanding of all their OT systems, including:
- Defining processes for establishing and maintaining the definitive record.
- Establishing an OT information security management program.
- Identifying and categorising assets to support informed, risk-based decisions.
- Identifying and documenting connectivity within your OT system.
- Understanding and documenting third-party risks to your OT system.
This isn’t just a process for documentation - it’s a strategic asset that enables organisations to make informed decisions, implement stronger controls, reduce risks of cyber attacks, and increase resilience against cyber threats.
Read the full publication, Creating and maintaining a definitive view of your Operational Technology (OT) Architecture to learn more.