A Model for Asset Visibility and Risk Management
CISA BOD 23-01
Bringing Global Best Practices to UK Cybersecurity Strategy
While CISA BOD 23-01 is a directive issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) for federal agencies, its principles are highly relevant for UK-based organisations seeking to improve their cybersecurity maturity—particularly in sectors like infrastructure, healthcare, finance, and government.
At Zerium, we help UK organisations apply the core tenets of BOD 23-01 to their own environments—leveraging Sepio’s Asset Risk Management (ARM) platform to build complete asset visibility, mitigate device-based threats, and align with emerging compliance and assurance standards.
What is BOD 23-01?
Binding Operational Directive (BOD) 23-01 is a U.S. federal order that requires government agencies to:
Establish comprehensive visibility into all assets
Perform regular automated asset discovery
Identify and report vulnerabilities tied to these assets
Zerium’s Approach to BOD 23-01 Alignment
Zerium provides strategic and technical support to help your organisation mirror the objectives of BOD 23-01.
Complete Asset Discovery
Identify and continuously monitor all connected hardware—across IT, OT, and IoT environments. Sepio uses physical-layer fingerprinting (Asset DNA) to detect even spoofed or hidden devices.
Rogue Device Detection & Automated Mitigation
Detect devices that don’t belong on the network and block them in real time—before they become a threat. Set risk-based thresholds and automate response workflows.
Vulnerability Intelligence & Risk Scoring
Gain insight into the security posture of each asset. Sepio’s platform incorporates threat intelligence and device classification to help you prioritise mitigation efforts.
Continuous Monitoring Without Disruption
Sepio operates agentlessly and passively, meaning you gain visibility without installing software, changing configurations, or disrupting critical operations.


Why It Matters in the UK Context
Although not mandatory in the UK, BOD 23-01 reflects best-practice principles that align closely with:
The UK’s NCSC Cyber Assessment Framework (CAF)
Cyber Essentials Plus and ISO 27001 readiness
Supply chain due diligence for critical infrastructure providers
Asset-based compliance models in GDPR, CIS, and NIST frameworks
By proactively adopting similar standards, UK organisations can strengthen their security posture, gain a competitive edge in procurement, and futureproof against evolving mandates.
Why Zerium?
Zerium is a UK-based cybersecurity consultancy focused on hardware risk visibility, zero-trust enforcement, and compliance readiness.
Tailored strategy
Tailored strategy based on your sector, infrastructure, and compliance goals
Expert deployment
Expert deployment of Sepio with full training and policy support
Ongoing advisory
Ongoing advisory to evolve with changing regulations and operational needs
Trusted UK partner
A trusted UK partner aligned with global cybersecurity standards
Benefits of Applying BOD 23-01 Principles in the UK

Build resilience against emerging cyber threats
Improve readiness for audits, client demands, and supply chain standards
Demonstrate leadership in adopting international best practices
Enable granular, real-time control over your connected hardware landscape
Reduce risk from insider threats, tampered devices, and hardware spoofing