U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Announcements

New NCCoE Project: Asset Management and Visibility for Operational Technology (OT) Environments

NIST | NCCoE

The NIST National Cybersecurity Center of Excellence (NCCoE) is continuing its work to solve real-world cybersecurity challenges with a new project that will demonstrate practical approaches for Operational Technology (OT) asset management, including automated and manual discovery, inventory management, configuration management, and change management processes. In this project, the NCCoE plans to collaborate with asset owners, operators, and solution providers to demonstrate real-world technologies for OT asset management and visibility using commercially available products. 

The NCCoE is seeking feedback on the draft Project Description Asset Management as a Foundation for OT Cybersecurity, outlining the proposed scope, challenges, and technical approach for the project. In addition, the project description provides a high-level reference architecture, desired capabilities for potential demonstrations, and alignment with relevant standards and guidelines, including outcomes in the NIST Cybersecurity Framework (CSF) 2.0.  

Background: Asset Management for OT

AI is accelerating both the discovery and exploitation of cybersecurity vulnerabilities—making foundational cybersecurity practices like asset management more important than ever. As organizations look to modernize OT environments, adapt to AI-driven cybersecurity threats and vulnerabilities, and adopt cybersecurity practices, effective approaches for asset management and visibility are increasingly important. 

However, OT operators often face challenges in maintaining a comprehensive understanding of their OT assets. Without a comprehensive OT asset management program, organizations may find it difficult to implement modern cybersecurity practices such as risk assessment, network segmentation, vulnerability management, incident response, zero trust architectures, and technology modernization efforts.  

The NCCoE’s laboratory demonstration will enable the development of source code, scripts, architectures, procedures, and guidelines to help organizations achieve the visibility necessary to detect and respond to modern cyber threats in their OT environments.

Comment Now! 

The NCCoE is seeking input from asset owners, operators, technology providers, and cybersecurity practitioners to help shape this project. Feedback will help refine the project scope, use cases, reference architecture, and demonstration objectives. 

Once public feedback has been integrated into the project plan, the NCCoE anticipates seeking collaborators to participate in project demonstrations and development activities. Please visit the NCCoE project page to view the draft Project Description and submit comments before July 31, 2026