"Joined by the United Kingdom, these countries have now published a follow-up document that explains how organizations can leverage asset inventories, SBOMs and other data sources to create and maintain definitive records, a collection of continually updated documents that represent an accurate and up-to-date view of their OT systems. Establishing a definitive record of your organisation's OT will allow you to effectively assess risks and implement the proportionate security controls."
"The authoring agencies admit that creating a definitive record of all OT systems can be complex and time consuming, and recommend prioritizing systems based on their impact to business functions and potential national impact, based on third-party connections that can change configurations or directly control processes, and based on the overall exposure of the system. The guidance focuses on five principles. The first is related to defining processes for establishing and maintaining a definitive record."
Agencies from the United States, Canada, Australia, New Zealand, the Netherlands, Germany and the United Kingdom issued guidance to help OT owners and operators build and maintain definitive records of operational technology. Definitive records are continually updated collections of documents that provide an accurate, current view of OT systems using asset inventories, SBOMs and other data sources. Establishing a definitive record supports effective risk assessment and proportionate security controls by enabling a holistic understanding of asset criticality and potential impacts of compromise. Prioritize systems by business and national impact, third-party control potential, and overall exposure.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]