Agencies release joint guide on zero trust adoption in operational technology

Apr 30, 2026 - 02:41 PM
hands on machine

The Cybersecurity and Infrastructure Security Agency and other federal agencies released a joint guide yesterday for organizations to apply zero trust principles to operational technology systems. Zero trust is a cybersecurity strategy that is guided by the principle that no users or devices are safe and must always be verified. The guide includes insights on overcoming unique constraints, addressing potential challenges and prioritizing key areas for integrating zero trust principles. OT environments in health care include tools that manage energy control, HVAC, life-safety systems, door access controls, physical security systems and alarms.

“Operational technology underpins the systems Americans rely on every day, and adversaries know it,” said FBI Cyber Division Assistant Director Brett Leatherman. “Nation-state actors are pre-positioning on these networks because OT controls critical physical processes, and because these environments often lack the visibility to detect them early. … Resilience in OT isn’t achieved through any single control; it requires layered defenses that raise the cost for adversaries at every stage.”

For more information on this or other cyber and risk issues, contact John Riggi, AHA national advisor for cybersecurity and risk, at jriggi@aha.org, or Scott Gee, AHA deputy director for cybersecurity and risk, at sgee@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity

Related News Articles

Headline
AHA provides recommendations to ONC on draft data elements for nationwide interoperable electronic data exchange
The AHA April 13 provided comments to the Department of Health and Human Services on the U.S. Core Data for Interoperability Draft Version 7, a standardized…
Headline
HHS reverses 2024 reorganization of IT services
The Department of Health and Human Services March 31 announced that it is reverting a 2024 reorganization of health IT leadership and services. The dually…
Headline
CMS announces library of digital health apps for Medicare beneficiaries 
The Centers for Medicare & Medicaid Services Feb. 23 announced the development of its Medicare App Library. As part of the agency’s Health Technology…
Headline
AHA tactical brief available on technology-enabled care
A new tactical brief on technology-enabled care explores key trends, innovations and learnings, and provides considerations for how hospitals can…
Headline
ASTP/ONC issues RFI on interoperability standards for diagnostic imaging 
The Assistant Secretary for Technology Policy/Office of the National Coordinator for Health Information Technology released a request for information Jan. 29…
Headline
FDA announces digital health services pilot 
The Food and Drug Administration announced Dec. 5 that it will launch the Technology-Enabled Meaningful Patient Outcomes for Digital Health Devices Pilot, or…