The **Cybersecurity and Infrastructure Security Agency (CISA)**, in coordination with the Department of War, Department of Energy, Federal Bureau of Investigation, and Department of State, released *Adapting Zero Trust Principles to Operational Technology*, joint guidance for organizations applying zero trust (ZT) principles to operational technology (OT). Zero trust is a modern, adaptive approach to cybersecurity that eliminates implicit trust and requires continuously validating access based on identity, context, and risk. You can find the full guide here: [Adapting Zero Trust Principles to Operational Technology](https://www.cisa.gov/sites/default/files/2026-04/joint-guide-adapting-zero-trust-principles-to-operational-technology_508c.pdf) ### The Need for Zero Trust in OT Traditionally isolated or manually operated OT systems are now increasingly interconnected and digitally monitored, and often remotely controlled. This IT-OT convergence introduces new cybersecurity risks. Perimeter-based defenses and implicit trust models are no longer adequate for safeguarding OT systems and the critical physical processes they control. ### Key Focus Areas of the Guidance This guidance is designed to support OT owners and operators in transitioning to a ZT architecture. It addresses the unique challenges presented by technology gaps from legacy infrastructure, operational constraints, and stringent safety requirements. Key areas of focus include: * **Comprehensive Asset Visibility:** Establishing a clear understanding of all assets within the OT environment. * **Proactive Supply Chain Risk Management:** Identifying and mitigating risks associated with the OT supply chain. * **Robust Identity and Access Management:** Implementing strong controls over user access and authentication. * **Layered Security Measures:** Emphasizing the importance of network segmentation, secure communication protocols, and vulnerability management. ### Further Resources To learn more about ZT principles, visit [Zero Trust](https://www.cisa.gov/topics/cybersecurity-best-practices/zero-trust). ### CISA Product Survey CISA is seeking feedback on the guidance. You can participate in the survey here: [CISA Product Survey](https://cisasurvey.gov1.qualtrics.com/jfe/form/SV_9n4TtB8uttUPaM6?product=https://www.cisa.gov/resources-tools/resources/adapting-zero-trust-principles-operational-technology)