Guidance on OSS in IT/ICS Environments - 20231012001¶
Overview¶
CISA, the Federal Bureau of Investigation, the National Security Agency, and the U.S. Department of the Treasury released guidance on improving the security of open source software (OSS) in operational technology (OT) and industrial control systems (ICS).
What is the guidance provides?¶
In alignment with CISA's recently released Open Source Security Roadmap, the guidance provides recommendations to OT/ICS organizations on:
- Supporting OSS development and maintenance,
- Managing and patching vulnerabilities in OT/ICS environments, and
- Using the Cross-Sector Cybersecurity Performance Goals (CPGs) as a common framework for adopting key cybersecurity best practices in relation to OSS.
Recommendations¶
The WA SOC encourages OT/ICS organizations to review this guidance and implement its recommendations.