Full Report
Cyber-physical systems (CPS) protection company Claroty announced this week new investments in the U.S. public sector to enhance... The post Claroty expands public sector offerings to protect critical cyber-physical systems appeared first on Industrial Cyber.
Analysis Summary
# Industry News: Claroty Bolsters Public Sector OT Security with Enhanced Exposure Management and FISMA Compliance Tools
## Summary
Claroty has significantly expanded its offerings tailored for the U.S. public sector, focusing on securing critical cyber-physical systems (CPS) across federal, state, local, education (SLED), and the defense industrial base. The expansion centers on enhanced exposure management leveraging CISA KEV data and adding STIG-hardened configuration management controls to meet stringent FISMA and DoD RMF compliance mandates.
## Key Details
- **Date:** Announced in the week surrounding June 20, 2025.
- **Companies Involved:** Claroty.
- **Category:** Product Updates / Market Expansion (Public Sector Focus).
## The Story
Claroty announced new investments aimed at strengthening the protection of Operational Technology (OT), IoT, IoMT, and facility systems within the U.S. public sector. The core updates include new exposure management features within its Continuous Threat Detection (CTD) platform, which incorporates CISA’s Known Exploited Vulnerabilities (KEV) catalog and Exploit Prediction Scoring System (EPSS) data to automate vulnerability triage based on exploitability. Furthermore, Claroty has hardened its operating system (ClarotyOS) to include specific configuration management (CM-2) controls aligned with common security standards like STIGs, directly supporting Federal Information Security Modernization Act (FISMA) and DoD Risk Management Framework (RMF) requirements. These updates also aim to achieve FIPS 140-2/3 compliant outcomes for data protection.
## Business Impact
### For the Companies Involved
- **Claroty:** This move solidifies Claroty's market traction in the lucrative and highly regulated U.S. public sector, positioning it as a stronger partner for agencies dealing with complex compliance burdens (FISMA, RMF). The specialized feature set (STIG hardening, KEV integration) creates strong customer lock-in within this segment.
### For Competitors
- Competitors in the OT/CPS security space will need to swiftly match the depth of KEV/EPSS integration and adherence to specific federal hardening standards (STIGs) to remain competitive for federal contracts. This sets a higher bar for public sector tooling.
### For Customers
- Public sector entities gain more efficient tools for managing critical asset risk, allowing them to prioritize remediation efforts based on demonstrable exploitability rather than just severity scores. The built-in compliance features simplify audits and reporting for FISMA and RMF.
### For the Market
- This development signals a growing market demand for OT security solutions that are explicitly mapped to high-bar government compliance frameworks. It accelerates the convergence between operational technology security and traditional IT governance requirements.
## Technical Implications
The integration of CISA KEV and EPSS into automated prioritization represents a significant advancement in actionable vulnerability management for CPS environments. The deployment of STIG-hardened configuration controls directly within the security platform's OS (ClarotyOS) ensures that infrastructure monitoring tools themselves meet stringent security baselines, addressing a common hurdle in federal deployment.
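The following sketch shows how exploitability-driven triage reorders a remediation queue compared with a severity-only ranking. It is an added example, not Claroty's code or prioritization model, which the source does not describe. The tier order, the 0.10 EPSS threshold, the asset names and the CVE identifiers are all assumptions or constructed placeholders.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Finding:
    asset: str
    cve: str
    cvss: float             # base severity, 0-10
    epss: Optional[float]   # EPSS probability 0-1, None if not yet scored

# Constructed sample data. CVE IDs are placeholders, not real entries.
KEV = {"CVE-0000-0002"}     # stand-in for the CISA KEV catalog's CVE set
FINDINGS = [
    Finding("plc-01",  "CVE-0000-0001", 9.8, 0.004),
    Finding("hmi-02",  "CVE-0000-0002", 6.5, 0.62),
    Finding("bms-03",  "CVE-0000-0003", 7.5, 0.31),
    Finding("pump-04", "CVE-0000-0004", 8.1, None),
    Finding("cam-05",  "CVE-0000-0005", 5.3, 0.02),
]

def tier(f: Finding, kev: set, epss_threshold: float = 0.10) -> int:
    """0 = known exploited, 1 = likely exploited, 2 = unscored, 3 = low."""
    if f.cve in kev:
        return 0
    if f.epss is None:
        # A missing EPSS score is unknown risk, not zero risk: keep it
        # ahead of the low tier so it gets a manual look.
        return 2
    return 1 if f.epss >= epss_threshold else 3

def triage(findings, kev, epss_threshold: float = 0.10):
    """Order by exploitability tier, then EPSS, then CVSS as tie-breaker."""
    return sorted(
        findings,
        key=lambda f: (tier(f, kev, epss_threshold),
                       -(f.epss or 0.0), -f.cvss, f.asset),
    )

def by_severity(findings):
    """Baseline for comparison: rank on CVSS alone."""
    return sorted(findings, key=lambda f: (-f.cvss, f.asset))

if __name__ == "__main__":
    print("severity-only :", [f.asset for f in by_severity(FINDINGS)])
    print("exploitability:", [f.asset for f in triage(FINDINGS, KEV)])
```

With this sample, the CVSS 9.8 finding drops to the end of the queue while the CVSS 6.5 finding that appears in the KEV set moves to the front.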
## Strategic Analysis
- **Market Positioning:** Claroty is aggressively positioning itself as the preferred provider for high-security, compliance-heavy, mission-critical environments, moving beyond general OT visibility to prescriptive risk reduction.
- **Competitive Advantage:** The specific focus on FISMA/RMF support combined with exploitability-driven triage creates a feature parity requirement for rivals targeting the U.S. government supply chain. The inclusion of "flyaway kits" also addresses operational realities in remote or resource-constrained installations.
- **Challenges:** Successfully navigating the continuous evolution of NIST standards and government accreditation processes will be an ongoing operational challenge to maintain the validity of these compliance claims.
## Industry Reactions
- **Analyst Opinions:** Analysts are likely viewing this as a necessary strategic move. The Biden administration's increased focus on securing critical infrastructure, coupled with mandatory adherence to CISA directives, means compliance cannot be an afterthought; it must be baked into the solution.
- **Expert Commentary:** Experts in industrial security will likely praise the effort to tie vulnerabilities directly to the CISA KEV catalog, as this addresses the common problem of risk overload in large, complex OT/IoT networks.
- **Market Response:** Expect Claroty's visibility and traction within U.S. defense and federal civilian agencies to increase, potentially leading to higher contract wins in the near term.
## Future Outlook
- **Predictions and Expectations:** We anticipate other mainstream OT security vendors will rapidly seek to integrate similar KEV/EPSS-driven prioritization and federal compliance documentation into their platforms.
- **What to watch for:** Scrutiny over how effectively these tools translate regulatory requirements into actual, measurable risk reduction metrics reported back to agency leadership.
## For Security Professionals
These updates mean that security teams in SLED and federal agencies can leverage a platform that directly translates federal mandates (FISMA, RMF) into actionable remediation queues for their unique OT/CPS assets. Practitioners should evaluate how easily they can onboard existing asset inventories and how well the prioritization model aligns with their operational tolerances.