This directive expands on Security Directive 1580‑21‑01 by adding further requirements for securing both IT and OT networks. It emphasizes technical measures such as network segmentation, monitoring and detection, secure remote access, and vulnerability management, along with procedural controls like asset inventory, access policies, identifying IT‑OT communication paths, and patch management. It also introduces the requirement for a cybersecurity assessment program, including a Cybersecurity Architecture Design Review to ensure the network architecture properly isolates critical systems and reduces exposure to cyber threats.

Join for free to read