These new guidelines from multiple national cybersecurity agencies urge OT operators to maintain a continually updated, definitive inventory of their system architecture. Instead of treating asset tracking as a one-time project, organizations should build ongoing processes to integrate information from SBOMs, network logs, configuration tools, and third-party sources, ensuring that the view of assets, interconnections, and dependencies stays current and accurate.

The guidance stresses five core principles: define processes to create and maintain the inventory, secure the inventory given its sensitive nature, classify assets for risk prioritization, map connectivity and communication paths, and document third-party relationships and access. Because building a full inventory can be daunting, operators are encouraged to begin with systems that have high business or national impact, then expand gradually. Continuous coordination between IT and OT teams is also highlighted as critical to bridging knowledge gaps and keeping the inventory aligned with real operational status.

‍

Source: https://www.securityweek.com/new-guidance-calls-on-ot-operators-to-create-continually-updated-system-inventory/