About the ISA/IEC 62443 standards
The ISA/IEC 62443 series of standards were created to provide an easy-to-use,
achievable model to handle risks and mitigate cybersecurity threats.
IEC 62443 is the definitive standard for securing Industrial Automation and Control Systems, providing the most effective cybersecurity solution for Industry 4.0.
With the increasing connectivity of production assets via the Industrial Internet of Things (IIoT), new risks must be integrated into traditional risk management processes.
Manufacturers of industrial automation control system components (suppliers) must incorporate security requirements from IEC 62443-4-1 into their product development processes.
IEC 62443 Part 4-1 details a secure development lifecycle for creating and maintaining secure products for industrial automation and control systems (IACS). Achieving the IEC 62443-4-1 certification signifies that a developer has employed a secure-by-design approach from the outset of product development, including a comprehensive security lifecycle and patch management.
The ISA/IEC 62443 series of standards were developed to provide a practical and attainable framework for managing risks and mitigating cybersecurity threats.
To ensure that security requirements relevant to customers are met, industrial components should be certified under IEC 62443-4-2. By adhering to the guidelines defined in IEC 62443-4-2, component suppliers can offer their customers the best protection against cyberattacks.
Component suppliers must incorporate specific features and capabilities into their devices to make them suitable for deployment on Industrial IoT networks. Meeting the requirements outlined in IEC 62443-4-2 ensures that these components are secure and resilient, ready to be procured by 62443-certified and secured IACS organizations.
Table columns: Security level, Misuse, Means, Knowledge, Resources, Motivation
The key distinctions between IEC 62443-4-1 and IEC 62443-4-2
- IEC 62443-4-1 utilizes four maturity levels, whereas IEC 62443-4-2 is structured around four security levels.
- Attaining IEC 62443-4-1 certification is a prerequisite for obtaining certification in IEC 62443-4-2.
- IEC 62443-4-1 concentrates on secure product development and the product lifecycle, while IEC 62443-4-2 emphasizes technical security requirements for IACS components, specifically embedded devices, network components, host components, and software applications.
- IEC 62443-4-1 encompasses 47 requirements distributed across 8 practices, whereas IEC 62443-4-2 addresses 140 requirements outlined in the standard.