implementing-patch-management-for-ot-systems

Featured

This skill covers implementing a structured patch management program for OT/ICS environments where traditional IT patching approaches can cause process disruption or safety hazards. It addresses vendor compatibility testing, risk-based patch prioritization, staged deployment through test environments, maintenance window coordination, rollback procedures, and compensating controls when patches cannot be applied due to operational constraints or vendor restrictions.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0

Install

View on GitHub

Quality Score: 99/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Implementing Patch Management for OT Systems ## When to Use - When establishing a formal OT patch management program for the first time - When responding to critical ICS-CERT advisories affecting deployed OT systems - When preparing for NERC CIP-007-6 or IEC 62443 patch management compliance audits - When planning patch deployment during limited maintenance windows in continuous operations - When evaluating compensating controls for systems that cannot be patched **Do not use** for IT-only patch management without OT considerations, for emergency patching during active cyber incidents (see performing-ot-incident-response), or for firmware upgrades that change PLC functionality (requires separate change management). ## Prerequisites - OT asset inventory with firmware/OS versions for all patchable systems - Vendor patch notification subscriptions (Siemens ProductCERT, Rockwell, Schneider, etc.) - Test/staging environment mirroring production OT systems for patch validation - Maintenance window schedule aligned with process shutdowns and turnarounds - Change management board approval process including operations and safety representatives ## Workflow ### Step 1: Establish OT Patch Management Program Define the patch management lifecycle adapted for OT environments where availability and safety take priority over immediate vulnerability remediation. ```python #!/usr/bin/env python3 """OT Patch Management Program Manager. Tracks patches for OT systems, manages risk-bas...

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
today
Language
Python
License
Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

implementing-patch-management-workflow

Patch management is the systematic process of identifying, testing, deploying, and verifying software updates to remediate vulnerabilities across an organization's IT infrastructure. An effective patc

12,642 Updated today
mukul975
AI & Automation Featured

performing-ot-network-security-assessment

This skill covers conducting comprehensive security assessments of Operational Technology (OT) networks including SCADA systems, DCS architectures, and industrial control system communication paths. It addresses the Purdue Reference Model layers, identifies IT/OT convergence risks, evaluates firewall rules between zones, and maps industrial protocol traffic (Modbus, DNP3, OPC UA, EtherNet/IP) to detect misconfigurations, unauthorized connections, and attack surfaces in critical infrastructure.

12,642 Updated today
mukul975
AI & Automation Featured

performing-ot-vulnerability-scanning-safely

Perform vulnerability scanning in OT/ICS environments safely using passive monitoring, native protocol queries, and carefully controlled active scanning with Tenable OT Security to identify vulnerabilities without disrupting industrial processes or crashing legacy controllers.

12,642 Updated today
mukul975
AI & Automation Featured

implementing-network-segmentation-for-ot

This skill covers implementing network segmentation in Operational Technology environments using VLANs, industrial firewalls, data diodes, and software-defined networking. It addresses the Purdue Model-based segmentation strategy, migration from flat networks to segmented architectures without disrupting operations, configuring OT-aware firewalls with industrial protocol deep packet inspection, and validating segmentation effectiveness through traffic analysis.

12,642 Updated today
mukul975
AI & Automation Featured

implementing-ot-incident-response-playbook

Develop and implement OT-specific incident response playbooks aligned with SANS PICERL framework, IEC 62443, and NIST SP 800-82 that address unique ICS challenges including safety-critical systems, limited downtime tolerance, and coordination between IT SOC, OT engineering, and plant operations teams.

12,642 Updated today
mukul975