Cyver core supports the OWASP Operational Technology (OT) TOP 10 Checklist. This list is designed to highlight the most critical security risks inherent to Operational Technology (OT) environments, which are distinct from traditional IT, encompassing industrial control systems, SCADA, and other mission-critical infrastructure.
General Information on the OWASP OT TOP 10
The OWASP OT Project aims to raise awareness and provide a standard, empirically-validated baseline for securing systems crucial to physical processes. The 2025 list, developed through expert consensus and empirical data, defines the core security scope for OT environments, recognizing the unique challenges of asset visibility, operational continuity, and the convergence of IT and OT networks.
OWASP OT TOP 10 - 2025
| Code | Control Name |
|---|---|
| 1 | Unknown Assets and Unmanaged External Access |
| 2 | Devices with Known Vulnerabilities / Issues |
| 3 | Inadequate Supplier / Supply Chain Management |
| 4 | Loss of Availability |
| 5 | Insufficient Access Control |
| 6 | Missing Incident Detection / Reaction Capabilities |
| 7 | Broken Zones and Conduits Design |
| 8 | Missing Awareness |
| 9 | Components / Protocols with Insufficient Security Capabilities |
| 10 | Missing Hardening |
Download
You can directly download the latest OWASP OT TOP 10 Checklist from our GitHub repository: