Claroty simplifies compliance with ISA/IEC-62443-3-3 requirements, empowering organizations to drive resilience across their critical operations and infrastructure.
The International Society of Automation (ISA) and the International Electrotechnical Commission (IEC) have worked together to provide security teams with a series of standards and technical reports that can be used as guidance in protecting their industrial automation and control systems (IACS) against cyberthreats.
These standards and technical reports are arranged in four groups, corresponding to different focuses and audiences. Part 3-3 defines security system requirements and capability labels to build an IACS that meets a target security level and provides ways in which users can evaluate their security practices.
ISA/IEC 62443 is aimed at asset owners, service providers, product suppliers, and all stakeholders involved in the development and operation of industrial products and systems. By adhering to the standards set forth by ISA and IEC, organizations can enhance their security posture and mitigate cyber risk.
Although ISA/IEC 62443 is not a mandatory framework, the standards are widely recognized and provide a comprehensive framework that is essential for asset owners in identifying, assessing, and managing the risks to their IACS.
The ISA/IEC-62443 framework is broken down into seven Foundational Requirements (FR), each with a series of System Requirements (SR) and Requirement Enhancements (RE) that can be used to reach one of the five target Security Levels (SL). Claroty’s cyber-physical systems (CPS) cybersecurity portfolio both supports and simplifies each requirement as follows:
FR1 requires organizations to reliably identify and authenticate all users — including humans, software processes, and devices — attempting to access the IACS. Claroty solutions offer granular role-based access controls (RBAC) and perform user identification both to ensure security and to streamline user experience. Our solutions also help tailor the FR1 mechanisms to the specific needs of different components within the system, ensuring efficient and effective operation of control systems in various environments.
FR2 requires organizations to ensure that each user — whether a human, software process, or device — is granted only the appropriate level of privileges. Claroty solutions enable the segregation of duties via granular RBAC assignments that are configurable by a system administrator. With the implementation of such control mechanisms, organizations can maintain the operational integrity and security of the IACS, protecting both the system and its data.
FR3 requires rigorous testing and maintenance of IACS to ensure their reliable and secure operation. Claroty solutions help organizations achieve FR3 by securing communications between all connected components and by continuously monitoring asset communications for anomalous behavior or deviations from baseline. With continuous monitoring and by providing device change alerts, Claroty solutions help ensure the safe and secure functioning of an IACS.
FR4 requires organizations to ensure the confidentiality of information on communication channels and in data repositories to guard against eavesdropping and unauthorized access. Claroty solutions utilize SSH and SSL protocols to protect the information collected from IACS environments at rest and in transit. This protection is fundamental to ensuring the overall reliability and trustworthiness of the control systems that play a vital role in various industrial and infrastructure operations.
FR5 requires organizations to segment their control system via zones and conduits to limit the unnecessary flow of data. Claroty solutions leverage superior visibility and profiling to segment cyber-physical systems (CPS) into zones. Claroty solutions’ network protection capabilities also help lay the foundation for Zero Trust practices core to improving an organization’s industrial cybersecurity posture. These strategies help maintain the delicate balance between operational efficiency and a strong security foundation.
FR6 requires organizations to respond to security violations by establishing the proper policies and procedures for communication and reporting. Claroty solutions support FR6 by providing comprehensive audit logs across all users’ actions. Our continuous monitoring also allows the network to categorize “normal” network behavior and track anomalous activity, known indicators of compromise, and threat signatures, among other types of threats to the environment. The implementation of monitoring tools and techniques is vital for maintaining the reliability and effectiveness of the IACS environment.
FR7 requires organizations to ensure the availability of the control system against degradation or Denial of Service (DoS) events. Claroty solutions support this requirement by providing alerts for denial of service attacks against CPS. Our solutions are also able to continue operation during DoS events, safeguarding against potential safety hazards that could arise from system failures or disruptions.
Claroty xDome is a flexible SaaS platform purpose-built for all use cases & types of CPS on the entire industrial cybersecurity journey.
Claroty xDome Secure Access delivers frictionless, reliable, secure remote access for internal and third-party OT personnel.
Claroty Continuous Threat Detection (CTD) offers robust, on-premises cybersecurity controls for industrial environments.