FR1 requires organizations to reliably identify and authenticate all users — including humans, software processes, and devices — attempting to access the IACS. Claroty solutions offer granular role-based access controls (RBAC) and perform user identification to both ensure security and to streamline user experience. Our solutions also help tailor the FR1 mechanisms to the specific needs of different components within the system ensuring efficient and effective operation of control systems in various environments.

FR2 requires organizations to ensure that each user —  whether a human, software process, or device — is granted only the appropriate level of privileges. Claroty solutions enable the segregation of duties via granular RBAC assignments that are configurable by a system administrator. With the implementation of such control mechanisms, organizations can maintain the operational integrity and security of the IACS, protecting both the system and its data.

FR3 requires rigorous testing and maintenance of IACS to ensure their reliable and secure operation. Claroty solutions help organizations achieve FR3 by securing communications between all connected components and by continuously monitoring asset communications for anomalous behavior or deviations from baseline. With continuous monitoring and by providing device change alerts, Claroty solutions help ensure the safe and secure functioning of an IACS.

FR4 requires organization to ensure the confidentiality of information on communication channels and in data repositories to guard against eavesdropping and unauthorized access. Claroty solutions utilize SSH and SSL protocols to protect the information collected from IACS environments at rest and in-transit. This protection is fundamental to ensuring the overall reliability and trustworthiness of the control systems that play a vital role in various industrial and infrastructure operations.

FR5 requires organizations to segment their control system via zones and conduits to limit the unnecessary flow of data. Claroty solutions leverage superior visibility and profiling to segment cyber-physical systems (CPS) into zones. Claroty solutions’ network protection capabilities also help lay the foundation for Zero Trust practices core to improving an organization’s industrial cybersecurity posture. These strategies help maintain the delicate balance between operational efficiency and a strong security foundation.

FR6 requires organizations to respond to security violations by establishing the proper policies and procedures for communication and reporting. Claroty solutions support FR6 by providing comprehensive audit logs across all users’ actions. Our continuous monitoring also allows the network to categorize “normal” network behavior and track anomalous activity, known indicators of compromise, and threat signatures among other types of threats to the environment. The implementation of monitoring tools and techniques is vital for maintaining the reliability and effectiveness of the IACS environment.

FR7 requires organizations to ensure the availability of the control system against degradation or Denial of Service events (DoS). Claroty solutions support this requirement by providing alerts for denial of service attacks against CPS. Our solutions are also able to continue operation during DoS events, safeguarding against potential safety hazards that could arise from system failures or disruptions.