IEC 62443-2-1:2024

Title
Abstract

IEC 62443-2-1:2024 specifies asset owner security program (SP) policy and procedure requirements for an industrial automation and control system (IACS) in operation. This document uses the broad definition and scope of what constitutes an IACS as described in IEC TS 62443‑1‑1. In the context of this document, asset owner also includes the operator of the IACS.
This document recognizes that the lifespan of an IACS can exceed twenty years, and that many legacy systems contain hardware and software that are no longer supported. Therefore, the SP for most legacy systems addresses only a subset of the requirements defined in this document. For example, if IACS or component software is no longer supported, security patching requirements cannot be met. Similarly, backup software for many older systems is not available for all components of the IACS. This document does not specify that an IACS has these technical requirements. This document states that the asset owner needs to have policies and procedures around these types of requirements. In the case where an asset owner has legacy systems that do not have the native technical capabilities, compensating security measures can be part of the policies and procedures specified in this document.
This edition includes the following significant technical changes with respect to the previous edition:
a) revised requirement structure into SP elements (SPEs),
b) revised requirements to eliminate duplication of an information security management system (ISMS), and
c) defined a maturity model for evaluating requirements.

Issue Date

2024-08-07

Category

CYBR

Included in IECEE System

2024-10-25

Purchase webstore
Test Report Form
Testing Equipment List

No information declared

DISCLAIMER: National differences

The National differences and Group differences, National Deviations and Special National conditions (SNC), are based solely on information provided to the Secretariat by the IECEE Member Bodies and/or NCBs and other sources. The IEC/IECEE is not responsible for, nor will it take any position related to, the accuracy or validity of the information provided. To verify the current status of this type of information, we recommend contacting the Member Body (MB) or National Certification Body (NCB) of the relevant country.

Group Differences are applicable for CENELEC member countries: Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.

No information declared

Laboratory Name

City

Country

Responsible National Certification Body

Essen

Germany

Id

Name

City

Country

13617

Essen

Germany

Id

Name

City

Country

13339

Troja, 182 00 Praha 8

Czech Republic