The IT Law Wiki

Citation

ISA 99/IEC 62443.

Overview

In 2002 the International Society of Automation (ISA) began writing a series of standards entitled ISA 99, which address the subject of cybersecurity for industrial automation and control systems. The standards describe the basic concepts and models related to cybersecurity, as well as the elements contained in a cybersecurity management system for use in the industrial automation and control systems environment. They also provide guidance on how to meet the requirements described for each element.

One technical report and three standards have been released so far, the most recent being ANSI/ISA-99.02.01:2009, entitled "Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program." This useful document is focused on control system security practices for owners and operators of industrial automation systems.

TC 65 WG 10 of the International Electrotechnical Commission (IEC) has joined with ISA 99 and released combined standards under IEC 62443. These standards are the core standards for industrial control security worldwide. The following documents have been published in the series so far:

  • Part 1-1: Terminology, concepts and models (Technical Specification, Edition 1.0, July 2009)
  • Part 2-1: Establishing an industrial automation and control system security program (International Standard, Edition 1.0, November 2010)
  • Part 2-3: Patch management in the IACS environment (Technical Report, Edition 1.0, June 2015)
  • Part 2-4: Security program requirements for IACS service providers (Technical Report, Edition 1.1, August 2017)
  • Part 3-1: Security technologies for industrial automation and control systems (Technical Report, Edition 1.0, July 2009)
  • Part 3-2: Security risk assessment for system design (International Standard, Edition 1.0, June 2020)
  • Part 3-3: System security requirements and security levels (International Standard, Edition 1.0, August 2013)
  • Part 4-1: Secure product development lifecycle requirements (International Standard, Edition 1.0, January 2018)
  • Part 4-2: Technical security requirements for IACS components (International Standard, Edition 1.0, February 2019)

Source