NSA Offers Best Practices for OSS in Operational Technology

By

The fact sheet provides recommendations for reducing cybersecurity risks.

Implementation and patching of open source software (OSS) in operational technology (OT) environments “continues to be a challenge due to safety concerns and the potential disruption of critical systems,” according to the NSA.

To promote better understanding and highlight best practices, the NSA, along with CISA and other agencies, has released new guidance for securing these systems.

The fact sheet recommends “supporting OSS development and maintenance, patch management, authorization and authentication policies, and establishing common frameworks.” The guidance “also encourages the adoption of “secure-by-design” and “secure-by-default” principles to decrease cybersecurity risk in OT environments.”
 
 
 

 
 
 

10/30/2023

Related content

  • News for Admins
    In the news: Red Hat Announces Ansible Lightspeed with IBM watsonx Code Assistant; Dell APEX Cloud Platform for Red Hat OpenShift Announced; NSA Offers Best Practices for OSS in Operational Technology Environments; Civil Infrastructure Platform Adds New Super-Long-Term Linux Kernel; HTTP/2 Protocol Exploited in Largest DDoS Attack Ever; Docker Announces Three New Products for Secure App Delivery; CloudBees Updates Jenkins and Offers New DevSecOps Platform; Linkerd 2.14 Released with Improved Multi-Cluster Support; NIST Releases Draft of Cybersecurity Framework v2.0; CISA and MITRE Announce Open Source Caldera for OT
    more »
  • NSA Issues Zero Trust Guidance on Automation and Orchestration
    more »
  • NSA Issues Zero Trust Guidelines for Network Security
    more »
  • NIST Releases Draft of Cybersecurity Security Framework v2.0
    more »
  • News for Admins
    In the news: DHS Releases New Guidelines for Securing Critical Infrastructure; Datadog Report Examines DevSecOps Best Practices; Upskilling Key to Tech Staffing Challenges, Says LF Survey; 2024 Open Source Pros Job Survey Report Released; OpenSSF Issues Guidance to Help Prevent Social Engineering Attacks; Black Duck Supply Chain Edition Released by Synopsys; Spectra Logic Announces New Tape Libraries and Management Software; LPI Launches Open Source Essentials Program; Apache Software Foundation Celebrates 25 Years; SUSE Announces Rancher Prime 3.0; NSA Issues Zero Trust Guidelines for Network Security; and NIST Releases Major New Version of Cybersecurity Framework.
    more »
comments powered by Disqus