• New standard specifies cybersecurity capabilities for control system components

    The newly published ISA/IEC 62443-4-2-2018, Security for Industrial Automation and Control Systems: Technical Security Requirements for IACS Components, provides the cybersecurity technical requirements for components that make up an IACS, specifically the embedded devices, network components, host components and software applications. The standard sets forth security capabilities that enable a component to mitigate threats for a given security level without the assistance of compensating countermeasures.

    The new standard follows the February 2018 publication of ISA/IEC 62443-4-1, Product Security Development Life-Cycle Requirements, which specifies process requirements for the secure development of products used in an IACS and defines a secure development life-cycle for developing and maintaining secure products. The life-cycle includes security requirements definition, secure design, secure implementation (including coding guidelines), verification and validation, defect management, patch management and product end-of-life.

    The ISA/IEC 62443 series of standards is developed by the ISA99 committee and adopted globally by the International Electrotechnical Commission (IEC). Previous standards in the series cover terminology, concepts, and models; establishment of an IACS security program; patch management; and system security requirements and security levels. All may be accessed at www.isa.org/findstandards.

    For more information on ISA99 and the ISA/IEC 62443 series of standards, contact Eliana Brazda, ISA Standards, ebrazda@isa.org or +1-919-990-9200.


    Have an idea for an ISA standard, book, training course, conference topic, or other product or service?  Send it to:  idea@isa.org .