• ISA Insights June 2014

    ISA99 Patch Management Technical Report

    ISA-TR62443-2-3, Patch Management in the IACS Environment, has been approved in a ballot of ISA99. Comments submitted during the ballots are currently under review within the committee, with publication expected later this year.

    The technical report addresses the installation of patches, also called software updates, software upgrades, firmware upgrades, service packs, hotfixes, basic input output system (BIOS) updates, and other digital electronic program updates that resolve bug fixes, operability, reliability, and cyber security vulnerabilities. It covers many of the problems and industry concerns associated with IACS (industrial automation and control systems) patch management for asset owners and IACS product suppliers. It also describes the impacts poor patch management can have on the reliability and operability of an IACS.

    The document provides a defined format for the exchange of information about security patches from asset owners to IACS product suppliers, and definitions of activities associated with the development of the patch information by IACS product suppliers and deployment of the patches by asset owners. The exchange format and activities are defined for use in security-related patches, but may also be applicable for other types of patches or updates.