BS EN IEC 62443-2-4:2019+A1:2019
$215.11
Security for industrial automation and control systems – Security program requirements for IACS service providers
| Published By | Publication Date | Number of Pages |
| BSI | 2019 | 94 |
This part of IEC 62443 specifies a comprehensive set of requirements for security capabilities for IACS service providers that they can offer to the asset owner during integration and maintenance activities of an Automation Solution. Because not all requirements apply to all industry groups and organizations, Subclause 4.1.4 provides for the development of Profiles that allow for the subsetting of these requirements. Profiles are used to adapt this document to specific environments, including environments not based on an IACS.
NOTE 1 The term “Automation Solution” is used as a proper noun (and therefore capitalized) in this part of IEC 62443 to prevent confusion with other uses of this term.
Collectively, the security capabilities offered by an IACS service provider are referred to as its Security Program. In a related specification, IEC 62443-2-1 describes requirements for the Security Management System of the asset owner.
NOTE 2 In general, these security capabilities are policy, procedure, practice and personnel related.
Figure 2 illustrates how the integration and maintenance capabilities relate to the IACS and the control system product that is integrated into the Automation Solution. Some of these capabilities reference security measures defined in IEC 62443-3-3 that the service provider must ensure are supported in the Automation Solution (either included in the control system product or separately added to the Automation Solution).
In Figure 2, the Automation Solution is illustrated to contain a Basic Process Control System (BPCS), optional Safety Instrumented System (SIS), and optional supporting applications, such as advanced control. The dashed boxes indicate that these components are “optional”.
NOTE 3 The term “process” in BPCS may apply to a variety of industrial processes, including continuous processes and manufacturing processes.
Text deleted
NOTE 4 Automation Solutions typically have a single control system (product), but they are not restricted to do so. In general, the Automation Solution is the set of hardware and software, independent of product packaging, that is used to control a physical process (e.g. continuous or manufacturing) as defined by the asset owner.
PDF Catalog
| PDF Pages | PDF Title |
|---|---|
| 2 | National foreword |
| 5 | CONTENTS |
| 9 | 1 Scope Figures Figure 2 – Scope of service provider capabilities |
| 10 | 2 Normative references 3 Terms, definitions, abbreviated terms and acronyms 3.1 Terms and definitions |
| 13 | 3.2 Abbreviations |
| 14 | 4 Concepts 4.1 Use of IEC 62443-2-4 4.1.1 Use of IEC 62443-2-4 by IACS service providers |
| 15 | 4.1.2 Use of IEC 62443-2-4 by IACS asset owners 4.1.3 Use of IEC 62443-2-4 during negotiations between IACS asset owners and IACS service providers |
| 16 | 4.1.4 Profiles 4.1.5 IACS integration service providers |
| 17 | 4.1.6 IACS maintenance service providers 4.2 Maturity model |
| 18 | Tables Table 1 – Maturity levels |
| 19 | 5 Requirements overview 5.1 Contents 5.2 Sorting and filtering 5.3 IEC 62264-1 hierarchy model 5.4 Requirements table columns |
| 20 | 5.5 Column definitions 5.5.1 Req ID column 5.5.2 BR/RE column Table 2 – Columns |
| 21 | 5.5.3 Functional area column |
| 22 | 5.5.4 Topic column Table 3 – Functional area column values |
| 23 | 5.5.5 Subtopic column Table 4 – Topic column values |
| 24 | Table 5 – Subtopic column values |
| 25 | 5.5.6 Documentation column 5.5.7 Requirement description column 5.5.8 Rationale column |
| 26 | Annex A (normative) Security requirements Table A.1 – Security program requirements |
| 91 | Bibliography |
