IEC 62443 is a series of standards that address security for operational technology in automation and control systems.
The series is divided into different sections and describes both technical and process-related aspects of automation and control systems security.
This committee developed a multi-part series of standards and technical reports addressing the cybersecurity of Automation and Control Systems.
Around 2010, ISA99 strengthened its relationship with the International Electrotechnical Commission (IEC), leading to the renaming of the standards to ANSI/ISA-62443.
The guidelines describe how to handle information security in industrial automation environments and were also submitted to and used by the IEC working groups.
This approach serves to avoid the proliferation of partial and/or conflicting requirements for addressing security of automation and control systems across industry sectors where the same or similar technology or products are deployed at operating sites.
IEC 62443 Industrial communication networks - Network and system security series of standards consists of several parts, which are divided into six areas: The following table lists the parts of the IEC 62443 series of standards published to date with their status and title.
According to IEC guidelines, all published standards will be periodically reviewed and either be confirmed to be current, updated (resulting in a new edition), or withdrawn.In addition, several parts of the series are under development,[12] including new editions of: There are several concepts that form the foundation of the IEC 62443 series.
The standard emphasizes that the levels should be evaluated per technical requirement (see IEC 62443-1-1) and are not suitable for the general classification of products.
Processes, systems and products used in automation and control environments can be certified as conforming to IEC 62443.
A global infrastructure of national accreditation bodies (AB) ensures consistent evaluation of the IEC 62443.
TIC companies are accredited by an AB to provide inspection according to the ISO/IEC 17020, testing laboratories according to ISO/IEC 17025 and certification of products, processes, and services according to ISO/IEC 17065.
The origin of the CB Scheme comes from the CEE (former European "Commission for Conformity Testing of Electrical Equipment") and was integrated into the IEC in 1985.