NIST's National Cybersecurity Center of Excellence (NCCoE) is preparing to launch an operational technology (OT) visibility project designed to help critical infrastructure organizations establish standardized asset management practices across multiple sectors. NCCoE Director Cherilyn Pascoe confirmed the initiative after several sector-specific OT cybersecurity efforts, stating the center is now ready to address the challenge at the cross-industry level. Pascoe disclosed the project's formation at GovCIO's "CyberScape" conference in Arlington, Virginia, on April 16.
Background
The NCCoE is organizing the project to help critical infrastructure organizations gain greater visibility into their OT environments. The need is widespread: Tatyana Bolton, executive director of the Operational Technology Cyber Coalition, testified before a House Homeland Security Committee hearing that most sectors have not completed an OT asset inventory, meaning operators often do not know what devices they have-a gap that AI-enabled offensive tools now stand to exploit.
The announcement follows a pattern of escalating federal OT security activity. In recent years, the NCCoE completed a water and wastewater cybersecurity project and released a draft framework to assist transit agencies with implementing NIST's Cybersecurity Framework (CSF). In parallel, NIST issued a pre-draft call for comments on SP 800-82 Revision 4, its foundational Guide to Operational Technology Security, on January 22, 2026, with the revision intended to incorporate lessons learned and align with updated NIST guidance including CSF 2.0, NIST IR 8286 Rev. 1, and SP 800-53 Rev. 5.2.0, while addressing changes in the OT threat landscape.
SP 800-82 is not regulatory in itself but is frequently referenced in sector guidance, audits, and internal security programs across energy, water, manufacturing, transportation, and other critical infrastructure industries.
Details
When consulting multiple critical infrastructure sectors about their most pressing challenges, Pascoe said the response was consistent: "across the board, the largest challenge that came up was asset management, asset visibility."
NIST plans to form a consortium with industry and government agencies to advance the OT visibility project. The consortium model reflects the NCCoE's standard public-private operating approach. As a collaborative hub where industry organizations, government agencies, and academic institutions work together, the NCCoE uses such partnerships to develop practical cybersecurity solutions for specific industries and broad, cross-sector technology challenges.
Pascoe described the project's intended outputs as practical demonstrations of how existing standards and frameworks can enhance OT visibility, including reference architectures built from commercially available technologies-and potentially the use of artificial intelligence to augment visibility capabilities, depending on community input.
The project's cross-sector scope differentiates it from prior NCCoE OT efforts, which targeted single verticals. NIST is also separately considering expanding SP 800-82 to cover additional OT system categories-including building automation, transit, and maritime-and broadening guidance on emerging technologies in OT environments such as behavioral anomaly detection, digital twins, zero trust, cloud, 5G, advanced wireless, and edge computing.
Outlook
NIST is expected to formally stand up the consortium with industry and government agency participants before publishing project documentation. For industrial operators and system integrators, the initiative is likely to shape how OT asset inventory and visibility requirements are framed in future audits and compliance programs aligned with NIST frameworks. The project's outputs may also influence sector-specific regulatory guidance, as prior NCCoE practice guides have historically underpinned critical infrastructure security mandates.
