On April 29, 2026, CISA, the Department of War, DOE, FBI, and Department of State published Adapting Zero Trust Principles to Operational Technology. Three things stand out for on-premise OT teams. First, the agencies endorse agentless enforcement at the network layer for the many legacy assets that can't run software clients. Second, microsegmentation is the recommended way to separate control systems from safety systems. Third, the document is blunt about air-gapping: it isn't a security control on its own, and treating it as one creates a false sense of safety.
This post walks through what each finding means in practice, where Access Gate fits, and what to check in your own environment over the next 30 days.
How the Guidance Maps to Access Gate
| CISA recommendation | What it requires | Access Gate implementation |
|---|---|---|
| Agentless enforcement for legacy OT | Network-layer control without endpoint software | Proxy at the network boundary; protected assets remain unmodified |
| Microsegmentation without operational disruption | Per-asset policy without VLAN redesign or re-IPing | Layer-3 overlay on top of the existing physical network |
| Compensating ICAM for assets that lack modern identity | Identity, MFA, and audit imposed externally | Auth at the appliance against your IdP; per-session authorization |
| Boundary defense against Volt Typhoon-class lateral movement | Assume IT compromise; deny by default at the IT/OT boundary | Every IT→OT session authenticated, authorized, and recorded |
| TLS for unencrypted industrial protocols | Wrap protocol traffic in an encrypted gateway | FIPS-validated TLS termination for Modbus, DNP3, OPC UA, EtherNet/IP |
| Air-gap is not a security control on its own | Defense in depth even on isolated networks | Identity-bound access enforced regardless of network reachability |
What CISA Says About Agentless
CISA's recommendation is straightforward. Where you can't put an agent on a device, enforce at the network instead. Agents on industrial gear are awkward: they need exhaustive compatibility testing and can void vendor warranties. And passive monitoring alone misses the moment an attacker sends a malicious command in a remote-access session. The endorsed answer is agentless on the asset, with active enforcement at the network boundary.
This matters because most OT assets simply can't host an agent. PLCs, RTUs, HMIs running Windows XP or QNX, ten-year-old engineering workstations, plenty of SCADA servers: they either won't accept endpoint software, or installing it voids vendor support. The Zero Trust playbook that works for IT laptops doesn't carry over to the shop floor.
Access Gate is built on that assumption. It's an on-premise appliance (or VM) that sits next to the OT network, not in line with it. It enforces identity-based access at the boundary using a software-defined overlay, so the asset itself never has to install software, support modern auth, or even know the access control is there. Every connection to a protected asset goes through the appliance first, where authentication, authorization, and full session recording happen before traffic reaches the device.
CISA is clear that monitoring alone isn't enough for remote access: by the time you see a bad command, it's already been sent. Access Gate closes that gap by being the enforcement point, not just an observer. A flagged session is blocked at the appliance, not just logged downstream after the fact.
Microsegmentation Without Network Redesign
CISA names microsegmentation as the Zero Trust control of choice for keeping control systems and safety systems apart, and for letting you write access policies that target specific assets. It also sets a hard constraint: segmentation has to enforce without disrupting operations.
The traditional way to do microsegmentation in OT means redesigning VLANs, reconfiguring switches, and re-IPing assets. Most plants can't take that kind of downtime. Access Gate works differently. It builds a logical overlay on top of the network you already have. Each protected asset gets its own logical address that the appliance proxies. Policies are enforced per asset, per user, per protocol, per session at the proxy boundary. Underlying VLANs and switch configs don't change, and production traffic keeps flowing as normal.
That's the property that makes microsegmentation actually doable on legacy OT. Access Gate enforces policy at a Layer 3/4 boundary that didn't exist before, without forcing the operator to rebuild Layer 2.
Take the case CISA calls out specifically: separating a control PLC from a safety PLC. With Access Gate, the two PLCs can sit on the same physical switch and the same VLAN, and the engineering workstation only reaches the control PLC, not the safety PLC. Every attempt is logged, every session traces back to a named user.
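The two properties above, enforcement before the command reaches the device and per-asset policy that is denied unless explicitly allowed, are easiest to see in code. The following is an added example, not Access Gate's or CISA's code: a minimal deny-by-default policy engine for a proxy boundary that parses the Modbus/TCP MBAP header, checks the user's rule for the asset, permits reads, permits writes only when the rule grants them, and writes one audit record per decision attributed to a named user. The user names, asset names, rules and frames are constructed for the example.

```python
"""
Deny-by-default enforcement at an OT proxy boundary.
Illustrative example only (not Access Gate's code): a policy engine that
decides, per user, per asset, per protocol and per command, whether a
Modbus/TCP request from an engineering workstation may be forwarded.
"""
import struct
from dataclasses import dataclass, field
from typing import Optional

# Standard Modbus function codes, grouped by their effect on the device.
READ_CODES = {1, 2, 3, 4}       # read coils / discrete inputs / holding regs / input regs
WRITE_CODES = {5, 6, 15, 16}    # write single coil/register, write multiple coils/registers


@dataclass(frozen=True)
class Rule:
    """One explicit allow rule. Anything not covered by a rule is denied."""
    user: str
    asset: str       # logical overlay name the proxy maps to the real device
    protocol: str
    write: bool      # may this user send write commands to the asset?


@dataclass
class Decision:
    allowed: bool
    reason: str


def parse_modbus_function_code(frame: bytes) -> Optional[int]:
    """Return the function code of a Modbus/TCP frame, or None if malformed.

    MBAP header: transaction id (2), protocol id (2, must be 0),
    length (2, count of bytes that follow it), unit id (1); then the PDU,
    whose first byte is the function code.
    """
    if len(frame) < 8:
        return None
    _tid, proto_id, length, _unit = struct.unpack(">HHHB", frame[:7])
    if proto_id != 0 or length != len(frame) - 6:
        return None
    return frame[7]


@dataclass
class PolicyEngine:
    rules: list
    audit: list = field(default_factory=list)   # one record per decision

    def find_rule(self, user: str, asset: str, protocol: str) -> Optional[Rule]:
        for r in self.rules:
            if (r.user, r.asset, r.protocol) == (user, asset, protocol):
                return r
        return None

    def inspect_modbus(self, user: str, asset: str, frame: bytes) -> Decision:
        """Decide whether one Modbus request may be forwarded to the asset."""
        rule = self.find_rule(user, asset, "modbus")
        if rule is None:
            return self._record(user, asset, None, False, "no matching policy: denied by default")
        fc = parse_modbus_function_code(frame)
        if fc is None:
            return self._record(user, asset, None, False, "malformed MBAP frame dropped")
        if fc in READ_CODES:
            return self._record(user, asset, fc, True, "read permitted")
        if fc in WRITE_CODES and rule.write:
            return self._record(user, asset, fc, True, "write permitted by rule")
        return self._record(user, asset, fc, False, "write not permitted for this user")

    def _record(self, user, asset, fc, allowed, reason) -> Decision:
        # Every decision, allowed or not, traces back to a named user.
        self.audit.append({"user": user, "asset": asset, "function_code": fc,
                           "allowed": allowed, "reason": reason})
        return Decision(allowed, reason)


# Constructed sample policy: alice is an engineer who may write to the control
# PLC; bob may only read it; nobody has a rule for the safety PLC.
RULES = [
    Rule("alice", "control-plc", "modbus", write=True),
    Rule("bob", "control-plc", "modbus", write=False),
]

# Constructed Modbus/TCP frames: read 10 holding registers starting at 0,
# and write the value 0x1234 to holding register 1.
READ_HOLDING = bytes.fromhex("00010000000601030000000a")
WRITE_SINGLE = bytes.fromhex("000200000006010600011234")

if __name__ == "__main__":
    engine = PolicyEngine(RULES)
    engine.inspect_modbus("alice", "control-plc", WRITE_SINGLE)
    engine.inspect_modbus("bob", "control-plc", WRITE_SINGLE)
    engine.inspect_modbus("alice", "safety-plc", READ_HOLDING)
    for rec in engine.audit:
        print(rec)
```

The point of checking the function code rather than only the TCP destination is that a session which is legitimately allowed to read a PLC can still be stopped from writing to it, and the denied attempt lands in the audit trail with the user's name before anything reaches the device.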
Legacy OT and the Identity Gap
CISA accepts that legacy OT can't always meet modern Identity, Credential, and Access Management (ICAM) standards on its own, and explicitly endorses compensating controls above the device level. The guidance treats segmentation itself as a valid compensating control when device-level identity is off the table.
That's the day-to-day reality in OT. Most installed PLCs don't speak Active Directory, SAML, or OIDC. Many don't support per-user authentication at all. The vendor-documented login is often a single shared password that was set at commissioning ten years ago. Patches that would add modern auth are usually unavailable, would void warranty coverage, or require a process shutdown to install.
Access Gate enforces ICAM at the network boundary on behalf of the asset. The user logs in against your identity provider with MFA. The appliance terminates that session, applies policy, then opens a fresh connection to the asset using whatever protocol and credential the asset can handle. The asset sees a connection from a known underlay address. The user gets identity-bound access with full audit logging. The compensating control sits in between.
On encryption, CISA draws a useful distinction. For OT, integrity and authentication matter more than confidentiality. Where a protocol can't natively do TLS, wrapping it in a TLS-enabled gateway is the right move. Access Gate does this for Modbus, DNP3, OPC UA, EtherNet/IP, and other industrial protocols: it terminates FIPS-validated TLS at the proxy and then forwards the protocol natively to the asset.
Volt Typhoon and Lateral Movement
CISA calls out Volt Typhoon by name as a textbook example: an IT-side foothold using living-off-the-land techniques, then lateral movement into OT. This is exactly the threat model Zero Trust microsegmentation was designed for.
The attack pattern is well documented. The adversary lands on an IT endpoint, moves through the network using legitimate admin tools, finds the IT/OT boundary, and crosses it through whatever path is open. Often it's a flat or barely-segmented network where any compromised IT host can reach OT directly. Sometimes it's a vendor remote-access tool with a shared credential. Sometimes it's a forgotten engineering workstation that's dual-homed. Sometimes it's a historian replication path nobody wrote down.
If there's no identity-bound access at the IT/OT boundary, that path stays open. CISA's recommendation is to assume the IT side is already compromised and design the OT boundary as if the attack were already in flight. That means authenticated, authorized, and logged access for every session that crosses the boundary, not just an inventory of which paths exist.
Access Gate is built for this. Every IT-to-OT session terminates at the appliance. The connecting user has to authenticate with MFA. The session is tied to a specific user identity, not a service account or shared credential. The session is recorded with full payload when configured, and replayable for forensics. The path is denied by default unless an explicit policy permits it.
For Volt Typhoon-class adversaries that rely on staying undetected, attributing and recording every session is what closes the path. For ongoing tracking of Volt Typhoon and other named OT threat groups, Trout maintains a public threat intelligence portal with per-actor profiles and indicators.
What This Means for Your Deployment
If you run an on-premise OT environment, here's what to do in the next 30 days.
- Audit your agent-based monitoring. For every OT asset that runs an agent, write down whether the OT vendor supports it and whether it gets a compatibility check at every patch cycle. CISA's view: an unsupported agent on a legacy asset adds more risk than it removes.
- Map the IT/OT boundary. List every network path that crosses it: vendor remote access, jump hosts, dual-homed workstations, file transfer servers, historian replication. Per CISA, each one is a Volt Typhoon entry point if it isn't authenticated.
- Document each path's current posture. For every IT/OT path you mapped, note the current authentication, authorization, and session-logging story. Anything that doesn't enforce per-user identity, per-session authorization, and full session logging is a gap.
- Look at where agentless can replace agent-based. CISA's guidance is explicit: for legacy OT, agentless network enforcement is the endorsed posture.
- Test your air-gap assumption. CISA says it plainly: an air gap isn't a security control on its own. If yours exists, ask what would happen if a USB device, a vendor laptop, or a maintenance jump host bridged it.
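The second and third items above, mapping every IT/OT crossing and recording its authentication, authorization and logging posture, can be turned into a repeatable check. The following is an added example, not a Trout or Access Gate tool: it reads an inventory of boundary paths as CSV, flags each path that lacks per-user identity, MFA, per-session authorization or session logging, orders the report worst-first, and counts how many paths miss each control so you can see which fix closes the most paths. The inventory rows are constructed, not real infrastructure.

```python
"""
IT/OT boundary path posture audit. Added example, not a Trout or Access Gate
tool: reads a constructed inventory of paths that cross the IT/OT boundary
and flags every path that lacks per-user identity, MFA, per-session
authorization or session logging.
"""
import csv
import io
from collections import Counter
from dataclasses import dataclass

# The four properties the checklist asks for on every boundary path.
REQUIRED_CONTROLS = ("per_user_identity", "mfa", "per_session_authz", "session_logging")


@dataclass(frozen=True)
class BoundaryPath:
    name: str
    kind: str
    per_user_identity: bool
    mfa: bool
    per_session_authz: bool
    session_logging: bool


def _flag(value: str) -> bool:
    return value.strip().lower() in {"yes", "y", "true", "1"}


def parse_inventory(csv_text: str) -> list:
    """Parse a CSV inventory with one row per IT/OT crossing."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [
        BoundaryPath(
            name=row["name"].strip(),
            kind=row["kind"].strip(),
            per_user_identity=_flag(row["per_user_identity"]),
            mfa=_flag(row["mfa"]),
            per_session_authz=_flag(row["per_session_authz"]),
            session_logging=_flag(row["session_logging"]),
        )
        for row in reader
    ]


def gaps(path: BoundaryPath) -> list:
    """Controls this path is missing; an empty list means full posture."""
    return [c for c in REQUIRED_CONTROLS if not getattr(path, c)]


def audit(paths: list) -> list:
    """One report row per path, worst posture first (sort is stable)."""
    report = [{"path": p.name, "kind": p.kind, "gaps": gaps(p)} for p in paths]
    report.sort(key=lambda row: len(row["gaps"]), reverse=True)
    return report


def gap_counts(report: list) -> Counter:
    """How many paths lack each control; tells you which fix helps most."""
    return Counter(c for row in report for c in row["gaps"])


# Constructed inventory (hypothetical hosts, not real infrastructure).
SAMPLE_INVENTORY = """\
name,kind,per_user_identity,mfa,per_session_authz,session_logging
vendor-vpn,vendor-remote-access,no,no,no,no
jump-host-01,jump-host,yes,yes,no,yes
eng-ws-07,dual-homed-workstation,yes,no,no,no
sftp-dmz,file-transfer,yes,yes,yes,yes
historian-repl,historian-replication,no,no,no,yes
"""

if __name__ == "__main__":
    rows = audit(parse_inventory(SAMPLE_INVENTORY))
    for row in rows:
        status = "OK " if not row["gaps"] else "GAP"
        print(f"{status} {row['path']:<16} {row['kind']:<24} "
              f"missing: {', '.join(row['gaps']) or '-'}")
    print("paths lacking each control:", dict(gap_counts(rows)))
```

Run it against your own inventory by replacing `SAMPLE_INVENTORY` with the CSV you built while mapping the boundary; a path with any gap is, in CISA's framing, an unauthenticated crossing until the missing control is in place.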
Access Gate covers each of these. It deploys without agents on the protected assets, enforces at the network boundary, segments without VLAN changes, and produces session evidence by default. Deployment typically takes hours per site, not weeks.
Ready to align with the new CISA guidance? The Zero Trust for OT practical guide walks through how to apply these principles to legacy industrial networks without ripping out what already works.