Security Standards

IEC 62443 - Industrial communication networks - Network and system security

IEC 62443 is concerned with security aspects in automation systems (broadly speaking). It consists of the following sub-parts:

  1. Terminology, concepts and models

2.1 Establishing an industrial automation and control system security program

2.3. Patch management in the IACS environment

2.4. Security program requirements for IACS service providers

  1. Security for industrial process measurement and control - Network and system security

3.1. Security technologies for industrial automation and control systems

3.3. System security requirements and security levels

4.1. Secure product development lifecycle requirements

4.2 Technical security requirements for industrial automation and control systems components

The standard describes a defence in-depth approach to industrial security comprising roles, responsibilities, security segments for all actors involved including end-users and component suppliers. Also, different component classes (ranging from embedded devices up to pure software components) are defined. IEC 62443 views security as a continuous process that accompanies the development of an automation component as well as an integrated automation system.