The ISA/IEC 62443 series of standards — the world's leading standards for operational technology (OT) cybersecurity — were included in a guidance document published 13 August 2025 by the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
The document, titled "Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators," provides guideposts for OT owners and operators in critical infrastructure sectors to build a modern defensible architecture. This guidance includes creating and maintaining an OT asset inventory as well as an accompanying taxonomy to reduce cyber risk and ensure mission and service continuity.
On page 9, CISA highlights ISA/IEC 62443 as its source for developing OT asset inventory taxonomies. ISA/IEC 62443 is widely trusted and used across many industries, and it sets the terms of the OT cybersecurity conversation on a global scale. This reference from CISA underlines the broad importance of this series of standards.
Quick Summary of the CISA OT Cybersecurity Guidance Document (13 August 2025)
This guidance document from CISA walks OT owners and operators through how to build an asset inventory and an OT taxonomy. In plain terms, they can start by setting the scope and goals, listing assets, capturing key details about them, grouping them into a clear taxonomy, getting data in order and implementing lifecycle management. These steps help give asset owners and operators a reliable, always-current view of their OT environment.
The document also covers what to do next: how to use, maintain and continually improve that inventory to protect an organization's most critical assets. That includes introducing OT cybersecurity and risk management best practices, supporting maintenance and reliability, tracking performance and reporting, training the workforce and driving consistent improvements over time.
Download This Resource
The document described in this blog post is available for download from CISA at the link below.
