Agentless Zero Trust for OT
Zero Trust Without Agents on the Asset.
Most OT devices cannot run security agents. PLCs, HMIs on Windows XP, ten-year-old engineering workstations, and SCADA servers either reject endpoint software or run it at the cost of vendor support. The April 2026 CISA guidance endorses agentless deployment for legacy OT and recommends pairing it with network-layer enforcement. This page covers why, what, and how.
Why Agents Fail in OT.
IT Zero Trust assumes the device can host an agent that verifies posture, enforces policy, and reports telemetry. OT cannot make that assumption. Proprietary real-time operating systems do not allow third-party software. Deterministic control loops cannot tolerate the timing jitter an agent introduces. Vendor support agreements and warranties are commonly voided if endpoint software is installed. The agentless question is therefore not whether to deploy without agents. It is whether the network-layer enforcement that replaces them is strong enough.
The April 2026 Position.
CISA, the Department of War, DOE, FBI, and Department of State jointly published Adapting Zero Trust Principles to Operational Technology on April 29, 2026. On the agent question (p.17), the guidance is direct: agents require extensive compatibility testing and can impact system warranties, while passive monitoring alone misses abuses in remote-access sessions. The endorsed posture is agentless deployment combined with active enforcement at the network boundary. This document is the highest-authority federal guidance to date on agentless Zero Trust for OT.
Read our full analysis of the CISA guidance.
What Replaces the Agent.
When the asset cannot host security software, the network must provide what the agent would have provided. Each pair below names the capability an agent would have supplied on the asset, then the network-layer control that substitutes for it (what CISA calls a compensating control), mapped to the specific Access Gate function that delivers it.
Agent capability: endpoint MFA prompt.
Replaced by: MFA enforced at the network boundary against your IdP. The asset never sees the user identity directly. Each session is bound to a named user, not a service account or shared credential.
Agent capability: local policy enforcement.
Replaced by: per-asset, per-protocol, per-session policy. A single user can be authorized to read a Modbus register on PLC A and denied write access to PLC B in the same authentication context.
Agent capability: endpoint event log.
Replaced by: every session logged with user identity, timestamp, asset, protocol, and full payload when configured. Logs are tamper-evident through hash chaining and FIPS-validated signing, meaning that modification or deletion of a record is detectable when the chain is verified. 90-day retention is the default.
Agent capability: host-based firewall rules.
Replaced by: overlay-based microsegmentation that enforces per-asset boundaries on top of the existing physical network. The Layer 2 topology does not change. Safety PLCs and control PLCs can sit on the same VLAN with isolated reachability, provided the traffic between them actually traverses the enforcement point.
Agent capability: endpoint TLS stack.
Replaced by: Modbus, DNP3, OPC UA, EtherNet/IP, and other industrial protocols wrapped in FIPS-validated TLS at the proxy boundary and forwarded natively to the asset. The asset does not need to support TLS. The hop between the proxy and the asset remains in the protocol's native cleartext, so the proxy belongs on the asset's own segment.
Agent capability: endpoint EDR.
Replaced by: session-level anomaly detection on user, time, command sequence, and payload patterns. Flagged sessions can be blocked at the appliance, not just alerted downstream.
Agent capability: local elevation prompt.
Replaced by: vendor and contractor sessions that are scoped, time-bound, and revocable. Access closes automatically when the session ends. No persistent VPN tunnels, no standing credentials.
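The per-session policy decision and the hash-chained session log described above, as an added example in Python. This is not Access Gate code and does not describe its internals; it shows the shape of the two controls: a Modbus/TCP request is parsed at the boundary, checked against a default-deny policy keyed on the named user, the asset, the function code (read versus write) and the register address, and the decision is appended to a log in which every record commits to the previous record's hash. The policy rules, users, asset names, sample frames and timestamps are constructed for the example, and HMAC-SHA256 stands in for the signing step (key management is out of scope here).

```python
"""Boundary enforcement for one Modbus/TCP session: parse, decide, log.

Added example for this page; not Access Gate's implementation.
Sample policy, users, assets and frames are constructed for illustration.
"""
import hashlib
import hmac
import json
import struct
from dataclasses import dataclass
from typing import Optional

# Public Modbus function codes grouped by effect on the asset.
READ_FCS = {0x01, 0x02, 0x03, 0x04}        # coils, discrete inputs, holding/input registers
WRITE_FCS = {0x05, 0x06, 0x0F, 0x10}       # single/multiple coils and registers


@dataclass(frozen=True)
class ModbusRequest:
    unit_id: int
    function_code: int
    address: int                            # first coil/register the request touches

    @property
    def action(self) -> str:
        if self.function_code in READ_FCS:
            return "read"
        if self.function_code in WRITE_FCS:
            return "write"
        return "other"                      # diagnostics, file records, vendor codes: never implicitly allowed


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse the 7-byte MBAP header plus function code and start address.
    Anything malformed raises ValueError so the caller falls back to deny."""
    if len(frame) < 10:
        raise ValueError("frame too short for MBAP header, function code and address")
    _txn, protocol_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if protocol_id != 0:
        raise ValueError(f"unexpected protocol id {protocol_id}")
    if length != len(frame) - 6:            # length counts unit id + PDU
        raise ValueError("MBAP length field does not match frame size")
    address = struct.unpack(">H", frame[8:10])[0]
    return ModbusRequest(unit_id, frame[7], address)


@dataclass(frozen=True)
class Rule:
    user: str
    asset: str
    action: str                             # "read" or "write"
    max_address: int = 0xFFFF               # highest address the rule covers


# Constructed sample policy. Everything not listed is denied (default deny).
POLICY = [
    Rule(user="alice", asset="plc-a", action="read", max_address=99),
    Rule(user="alice", asset="plc-b", action="read"),
    Rule(user="bob", asset="plc-b", action="write"),
]


def decide(user: Optional[str], asset: str, req: ModbusRequest) -> bool:
    """Default deny; a session not bound to a named user never matches a rule."""
    if not user:
        return False
    return any(r.user == user and r.asset == asset and r.action == req.action
               and req.address <= r.max_address for r in POLICY)


class AuditLog:
    """Append-only log: each record commits to the previous record's hash and
    carries an HMAC (stand-in for the appliance's signing step)."""
    GENESIS = "0" * 64

    def __init__(self, key: bytes) -> None:
        self._key = key
        self.records: list = []

    def append(self, **fields) -> dict:
        prev = self.records[-1]["hash"] if self.records else self.GENESIS
        body = dict(fields, prev_hash=prev)
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        body["hash"] = digest
        body["mac"] = hmac.new(self._key, digest.encode(), "sha256").hexdigest()
        self.records.append(body)
        return body

    def verify(self) -> bool:
        """Recompute every link; any edited, reordered or removed record breaks the chain."""
        prev = self.GENESIS
        for rec in self.records:
            body = {k: v for k, v in rec.items() if k not in ("hash", "mac")}
            if body["prev_hash"] != prev:
                return False
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            expected_mac = hmac.new(self._key, digest.encode(), "sha256").hexdigest()
            if digest != rec["hash"] or not hmac.compare_digest(expected_mac, rec["mac"]):
                return False
            prev = digest
        return True


def enforce(log: AuditLog, user: Optional[str], asset: str, frame: bytes, ts: str) -> bool:
    """Decide one request inside an already-authenticated session; log allow and deny alike."""
    try:
        req = parse_modbus_tcp(frame)
        allowed = decide(user, asset, req)
        detail = {"unit": req.unit_id, "fc": req.function_code, "address": req.address, "action": req.action}
    except ValueError as err:
        allowed, detail = False, {"parse_error": str(err)}
    log.append(ts=ts, user=user, asset=asset, protocol="modbus-tcp", payload=frame.hex(),
               decision="allow" if allowed else "deny", **detail)
    return allowed


def demo() -> dict:
    """Run four constructed requests through the boundary and then tamper with the log."""
    log = AuditLog(key=b"example-key-not-for-production")
    read_regs = bytes.fromhex("000100000006" "01" "03" "0010" "0002")    # read 2 holding registers at 0x0010
    read_high = bytes.fromhex("000200000006" "01" "03" "00C8" "0001")    # read register 200, outside alice's scope
    write_reg = bytes.fromhex("000300000006" "01" "06" "0010" "00FF")    # write single register 0x0010
    decisions = [
        enforce(log, "alice", "plc-a", read_regs, "2026-05-01T08:00:00Z"),   # allow
        enforce(log, "alice", "plc-a", read_high, "2026-05-01T08:00:02Z"),   # deny: address > 99
        enforce(log, "alice", "plc-b", write_reg, "2026-05-01T08:00:05Z"),   # deny: no write rule on plc-b
        enforce(log, None, "plc-b", read_regs, "2026-05-01T08:00:10Z"),      # deny: no named user bound
    ]
    chain_ok = log.verify()
    log.records[2]["decision"] = "allow"      # an attacker rewriting history after the fact
    return {"decisions": decisions, "chain_ok": chain_ok, "chain_ok_after_tamper": log.verify()}


if __name__ == "__main__":
    print(demo())
```

The point a practitioner should take from the block: the asset side never sees a user name, a policy object or a log; all three live at the enforcement point, and the same Modbus function code is allowed or denied solely on the session identity and the asset it is aimed at.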
Frequently Asked Questions
What does agentless Zero Trust mean for OT?
Identity-bound, per-session access policy enforced by a network-layer device placed in front of the asset, with nothing installed on the asset itself.
Why can't OT devices run security agents?
Proprietary real-time operating systems refuse third-party software, deterministic control loops cannot absorb the timing jitter an agent introduces, and installing endpoint software can void vendor support and warranties.
Does CISA require agentless Zero Trust for OT?
No. The April 2026 guidance endorses agentless deployment for legacy OT rather than mandating it, and recommends pairing it with active enforcement at the network boundary.
Is passive monitoring enough?
Not on its own. The guidance notes that passive monitoring alone misses abuses inside remote-access sessions; the enforcement point must be able to block a session, not only observe it.
How is agentless Zero Trust different from a firewall?
A firewall rule matches addresses, ports, and at best protocol types. The controls above bind each session to a named user authenticated against the IdP and decide per asset, per protocol, and per command, for example allowing a Modbus read and denying a write within the same session.
How does Access Gate enforce Zero Trust without an agent?
By sitting inline at the network boundary in front of the asset and supplying the capabilities mapped above: boundary MFA, per-session policy, tamper-evident logs, overlay segmentation, TLS termination, session anomaly detection, and time-bound vendor access.
See Agentless Zero Trust in Action.
Request a 30-minute working session. We will walk through your environment, identify which assets cannot host agents, and show how Access Gate enforces Zero Trust at the network boundary in front of them.