U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Operational Technology Asset Management

Organizations face challenges in maintaining an up-to-date understanding of their OT assets, including devices, systems, and configurations. As organizations modernize OT environments, adapt to AI-driven cybersecurity threats and vulnerabilities, and adopt cybersecurity practices such as zero trust, effective asset management and visibility have become increasingly important foundational capabilities.  

Demonstrating practical approaches to achieve and maintain asset management and visibility for OT environments.

Operational Technology (OT) environments often lack comprehensive asset management programs due to limited resourcing, geographically distributed assets, and operational constraints. Maintaining complete asset management and visibility is the cornerstone of a defensible OT architecture and is foundational for implementing cybersecurity practices such as risk assessment, network segmentation, vulnerability management, incident response, zero trust architectures, and technology modernization efforts.  This NCCoE project seeks to demonstrate practical, real-world approaches to OT asset management, including automated and manual discovery, inventory management, configuration management, and change management processes. This project will provide example implementations aligned with NIST Cybersecurity Framework (CSF) 2.0 and relevant security standards and guidelines to help organizations establish and maintain the visibility needed to manage modern cybersecurity threats and support broader OT resilience efforts.
Status: Defining Scope

The NCCoE is seeking feedback on the draft Project Description Asset Management as a Foundation for OT Cybersecurity, outlining the proposed scope, challenges, and technical approach for the project. 

This Project Description is open for public comment through July 31, 2026. Use the comment form below to submit your feedback.

Operational Technology (OT) Asset Management Project Description (Draft)Document Version Operational Technology (OT) Asset Management Project Description (Draft)

Operational Technology (OT) is essential for managing the physical processes that power modern industry and ensuring the safe operation of essential services. A comprehensive OT asset management system allows an organization to better understand its OT systems, hardware, and software, which is vital for defining and documenting system boundaries and accurate device security statuses. By having this information, an organization can conduct risk assessments to perceive gaps in their security, understand the interconnections and dependencies between assets, track vulnerabilities, and implement specific security measures to protect their OT environments. Without such a program, organizations lack the visibility needed to effectively secure and safeguard their assets.  

The NCCoE plans to collaborate with asset owners, operators, and technology providers to demonstrate real-world technologies for OT asset management and visibility using commercially available products. Through this effort, this project will showcase practical implementation approaches and produce example architectures aligned with the NIST Cybersecurity Framework 2.0. The project will implement common architectures from different industrial environments to demonstrate a variety of commercial products, implementation approaches, and techniques for multiple aspects of asset management. The laboratory demonstration will allow NCCoE to develop source code, scripts, architectures, procedures, and guidelines to help organizations achieve the visibility necessary to detect and respond to modern cyber threats in their OT environments.  

Join the Community of Interest

A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI. 

Tell us about yourself