Performing OT Vulnerability Assessment with Claroty

When to Use

• When conducting scheduled OT vulnerability assessments per IEC 62443 or NERC CIP requirements
• When deploying Claroty xDome for the first time and performing initial asset discovery and risk assessment
• When correlating newly published ICS-CERT advisories against your OT asset inventory
• When prioritizing OT vulnerability remediation with limited maintenance windows
• When generating compliance evidence for CIP-010-4 vulnerability assessment requirements

Do not use for active vulnerability scanning of PLCs and safety systems (see performing-ot-network-security-assessment for passive approaches), for IT-only vulnerability management (see standard vulnerability scanners), or for penetration testing (see performing-ics-penetration-testing).

Prerequisites

• Claroty xDome or CTD (Continuous Threat Detection) deployed with sensors on OT network
• Network SPAN/TAP access for passive asset discovery
• CISA ICS-CERT advisory subscription for vulnerability tracking
• Asset inventory with firmware versions for all OT devices
• Change management process for patch deployment during maintenance windows