According to Infosecurity Magazine, US government agencies, led by the US Cybersecurity and Infrastructure Security Agency (CISA) alongside federal partners, have released a new joint guide detailing how to apply zero-trust principles in operational technology (OT) environments. The guide was published on 30 April 2026.
The document, Adapting Zero Trust Principles to Operational Technology, is designed for security practitioners and OT operators and emphasises the complexities of introducing zero trust architectures into environments that prioritise continuous operation and physical safety. It notes that traditional IT-centric approaches cannot be directly applied to OT due to legacy systems, limited visibility and strict availability requirements.
Core recommendations include establishing comprehensive asset inventories using passive monitoring, enforcing network segmentation and microsegmentation, implementing identity and access controls adapted to legacy systems, securing remote access through jump hosts and MFA, and integrating supply chain risk management into procurement decisions.
The guidance also underlines the need for collaboration between IT, OT and security teams to balance protection with operational continuity, while recognising that zero-trust adoption aims to improve resilience rather than eliminate risk entirely.