IEC 62443-2-4:2023

Title
Abstract

IEC 62443-2:2023 specifies a comprehensive set of requirements for security-related processes that IACS service providers can offer to the asset owner during integration and maintenance activities of an Automation Solution. Because not all requirements apply to all industry groups and organizations, Subclause 4.1.4 provides for the development of "profiles" that allow for the subsetting of these requirements. Profiles are used to adapt this document to specific environments, including environments not based on an IACS.
NOTE 1 The term "Automation Solution" is used as a proper noun (and therefore capitalized) in this document to prevent confusion with other uses of this term. Collectively, the security processes offered by an IACS service provider are referred to as its Security Program (SP) for IACS asset owners. In a related specification, IEC 62443-2-1 describes requirements for the Security Management System of the asset owner.
NOTE 2 In general, these security capabilities are policy, procedure, practice and personnel related. Figure 1 illustrates the integration and maintenance security processes of the asset owner, service provider(s), and product supplier(s) of an IACS and their relationships to each other and to the Automation Solution. Some of the requirements of this document relating to the safety program are associated with security requirements described in IEC 62443-3-3 and IEC 62443-4-2.
NOTE 3 The IACS is a combination of the Automation Solution and the organizational measures necessary for its design, deployment, operation, and maintenance.
NOTE 4 Maintenance of legacy system with insufficient security technical capabilities, implementation of policies, processes and procedures can be addressed through risk mitigation.

Issue Date

2023-12-15

Category

CYBR

Included in IECEE System

2024-01-12

Purchase webstore
Test Report Form
Testing Equipment List

No information declared

DISCLAIMER: National differences

The National differences and Group differences, National Deviations and Special National conditions (SNC), are based solely on information provided to the Secretariat by the IECEE Member Bodies and/or NCBs and other sources. The IEC/IECEE is not responsible for, nor will it take any position related to, the accuracy or validity of the information provided. To verify the current status of this type of information, we recommend contacting the Member Body (MB) or National Certification Body (NCB) of the relevant country.

Group Differences are applicable for CENELEC member countries: Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.

No information declared

Id

Name

City

Country

13360

Arnhem

Netherlands

13339

Troja, 182 00 Praha 8

Czech Republic

13749

NL - 7327 AC Apeldoorn

Netherlands

13343

Fontenay-Aux-Roses

France

13334

BRUSSELS 1070

Belgium

13342

Helsinki

Finland

13617

Essen

Germany

13427

Singapore 609937

Singapore

13346

München

Germany

Id

Name

City

Country

13353

Tokyo

Japan