Knowing your assets is the foundation of a successful cybersecurity strategy. In fact, it is unrealistic to expect to adequately complete a basic cyber risk assessment without a comprehensive asset inventory. According to PAS, the OT integrity company, “without such an inventory, it is impossible to have the visibility necessary to understand and reduce risk.” OT asset inventory is not a one-size fits all program, and what qualifies as a good OT asset inventory is different for every organization. To help organizations identify useful details, PAS shares a diagram of what they typically see in OT asset inventories and the most common gaps. Furthermore, short of a thorough and up-to-date inventory, PAS describes that the typical process to understand and reduce risk often falls back on manual activities like emails and conference calls to determine vulnerable devices in response to ICS-CERT and other vulnerability disclosures. For more details on the minimum data to include in an asset inventory record, review #1 – Perform Asset Inventories in WaterISAC's 15 Cybersecurity Fundamentals for Water and Wastewater Utilities. Likewise, the CISA Cyber Essentials Toolkit 3 – Protect Critical Assets and Applications includes more resources to help learn what is on your network. For more tips on an effective OT asset inventory, visit PAS.