iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
IEC

IEC 62443-2-4:2015/AMD1:2017

(Amendment)

Amendment 1 - Security for industrial automation and control systems - Part 2-4: Security program requirements for IACS service providers

Amendment 1 - Security for industrial automation and control systems - Part 2-4: Security program requirements for IACS service providers

Applies to all line-commutated high-voltage direct current (HVDC) converter stations used for power exchange in utility systems. Presumes the use of 12-pulse thyristor converters but can also be used for 6-pulse thyristor converters. Presents procedures for determining the total losses of an HVDC converter station. Cover all parts, except synchronous compensators or static var compensators and address no-load operation and operating losses together with their methods of calculation which use, wherever possible, measured parameters.[
]The contents of the corrigendum of October 1999 have been included in this copy.

Amendement 1 - Sécurité des automatismes industriels et des systèmes de commande - Partie 2-4: Exigences de programme de sécurité pour les fournisseurs de service IACS

S'applique à tous les postes de conversion en courant continu à haute tnesion (CCHT), commutés par le réseau, et utilisés pour l'échange de puissance dans des systèmes de distribution d'énergie. Présuppose l'utilisation de convertisseurs à thyristors à 12 impulsions mais peut également s'appliquer à des convertisseurs à thyristors à 6 impulsions. Décrit un ensemble de procédures types permettant de déterminer l'ensemble des pertes d'un poste de conversion à CCHT. Les procédures recouvrent toutes les pièces, à l'exception des compensateurs synchrones ou des compensateurs var statiques et considèrent les pertes en fonctionnement à vide et les pertes en fonctionnement ainsi que leurs méthodes de calcul utilisant, dans la mesure du possible, des paramètres mesurés.[
]Le contenu du corrigendum d'octobre 1999 a été pris en considération dans cet exemplaire.

General Information

Status
Published
Publication Date
23-Aug-2017
ICS
01 - GENERALITIES. TERMINOLOGY. STANDARDIZATION. DOCUMENTATION
25.040.40 - Industrial process measurement and control
29.200 - Rectifiers. Convertors. Stabilized power supply
35.110 - Networking
Technical Committee
TC 65 - Industrial-process measurement, control and automation
Drafting Committee
WG 10 - TC 65/WG 10
Current Stage
Ref Project

Relations

Amends
IEC 62443-2-4:2015 - Security for industrial automation and control systems - Part 2-4: Security program requirements for IACS service providers
Effective Date
05-Sep-2023
Revised
IEC 62443-2-4:2023 - Security for industrial automation and control systems - Part 2-4: Security program requirements for IACS service providers
Effective Date
05-Sep-2023

Buy Standard

IEC 62443-2-4:2015/AMD1:2017 - Amendment 1 - Security for industrial automation and control systems - Part 2-4: Security program requirements for IACS service providers Released:8/24/2017 Isbn:9782832243664IEC 62443-2-4:2015/AMD1:2017 - Amendment 1 - Security for industrial automation and control systems - Part 2-4: Security program requirements for IACS service providers Released:8/24/2017 Isbn:9782832243664
PreviousNext
Standard
IEC 62443-2-4:2015/AMD1:2017 - Amendment 1 - Security for industrial automation and control systems - Part 2-4: Security program requirements for IACS service providers Released:8/24/2017 Isbn:9782832243664
English language
19 pages
sale 15% off
Preview
sale 15% off
Preview
IEC 62443-2-4:2015/AMD1:2017 - Amendment 1 - Security for industrial automation and control systems - Part 2-4: Security program requirements for IACS service providersIEC 62443-2-4:2015/AMD1:2017 - Amendment 1 - Security for industrial automation and control systems - Part 2-4: Security program requirements for IACS service providers
PreviousNext
Standard
IEC 62443-2-4:2015/AMD1:2017 - Amendment 1 - Security for industrial automation and control systems - Part 2-4: Security program requirements for IACS service providers
English and French language
43 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


IEC 62443-2-4 ®
Edition 1.0 2017-08
INTERNATIONAL
STANDARD
colour
inside
AMENDMENT 1
Security for industrial automation and control systems –
Part 2-4: Security program requirements for IACS service providers

IEC 62443-2-4:2015-06/AMD1:2017-08(en)

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form

or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or

your local IEC member National Committee for further information.

IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé Fax: +41 22 919 03 00

CH-1211 Geneva 20 info@iec.ch
Switzerland www.iec.ch
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigenda or an amendment might have been published.

IEC Catalogue - webstore.iec.ch/catalogue Electropedia - www.electropedia.org
The stand-alone application for consulting the entire The world's leading online dictionary of electronic and
bibliographical information on IEC International Standards, electrical terms containing 20 000 terms and definitions in
Technical Specifications, Technical Reports and other English and French, with equivalent terms in 16 additional
documents. Available for PC, Mac OS, Android Tablets and languages. Also known as the International Electrotechnical
iPad. Vocabulary (IEV) online.

IEC publications search - www.iec.ch/searchpub IEC Glossary - std.iec.ch/glossary
The advanced search enables to find IEC publications by a 65 000 electrotechnical terminology entries in English and
variety of criteria (reference number, text, technical French extracted from the Terms and Definitions clause of
committee,…). It also gives information on projects, replaced IEC publications issued since 2002. Some entries have been
and withdrawn publications. collected from earlier publications of IEC TC 37, 77, 86 and

CISPR.
IEC Just Published - webstore.iec.ch/justpublished

Stay up to date on all new IEC publications. Just Published IEC Customer Service Centre - webstore.iec.ch/csc
details all new publications released. Available online and If you wish to give us your feedback on this publication or
also once a month by email. need further assistance, please contact the Customer Service
Centre: csc@iec.ch.
IEC 62443-2-4 ®
Edition 1.0 2017-08
INTERNATIONAL
STANDARD
colour
inside
AMENDMENT 1
Security for industrial automation and control systems –

Part 2-4: Security program requirements for IACS service providers

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
ICS 25.040.40; 35.110 ISBN 978-2-8322-4366-4

– 2 – IEC 62443-2-4:2015/AMD 1:2017

© 2017
FOREWORD
This amendment has been prepared by IEC technical committee 65: Industrial-process

measurement, control and automation.

The text of this amendment is based on the following documents:

CDV Report on voting
65/637A/CDV 65/661/RVC
Full information on the voting for the approval of this amendment can be found in the report
on voting indicated in the above table.

IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.
_____________
1 Scope
Replace the first paragraph by the following new text:
This part of IEC 62443 specifies a comprehensive set of requirements for security capabilities
for IACS service providers that they can offer to the asset owner during integration and
maintenance activities of an Automation Solution. Because not all requirements apply to all
industry groups and organizations, Subclause 4.1.4 provides for the development of Profiles
that allow for the subsetting of these requirements. Profiles are used to adapt this document
to specific environments, including environments not based on an IACS.
Delete Note 4 and renumber Note 5 to "Note 4".

3.1.14
safety instrumented system
Add the following Note 2 to entry:
Note 2 to entry: Not all industry sectors use this term. This term is not restricted to any specific industry sector,
and it is used generically to refer to systems that enforce functional safety. Other equivalent terms include safety
systems and safety related systems.

4.1.4 Profiles
Replace the existing text with the following:
This document recognizes that not all of the requirements in Annex A apply to all industry
sectors/environments. To allow subsetting and adaptation of these requirements, this
document provides for the use of “Profiles”.

IEC 62443-2-4:2015/AMD 1:2017 – 3 –

© 2017
Profiles are written as IEC Technical Reports (TRs) by industry groups/sectors or other

organizations, including asset owners and service providers, to select/adapt Annex A

requirements that are most appropriate to their specific needs.

Each TR may define one or more profiles, and each profile identifies a subset of the

requirements defined in Annex A and specifies, where necessary, how specific requirements

are to be applied in the environment where they are to be used.

It is anticipated that asset owners will select these profiles to specify the requirements that

apply to their Automation Solutions.

4.2 Maturity model
Table 1 – Maturity levels
Replace, in the fourth column, row for Level 2, the second paragraph that begins with “At this
level, the service provider has…” by the following:
At this level, the service provider has the capability to manage the delivery and performance of the service
according to written policies (including objectives). The service provider also has evidence to show that personnel
who will perform the service have the expertise, are trained, and/or are capable of following written procedures to
perform the service.
5.1 Contents
Insert the following new paragraph between the first paragraph and the note:
Not all requirements apply to all service providers, and asset owners may request service
providers to perform only a subset of the required capabilities specified in Annex A. In
addition, industry sectors, service providers, and asset owners may define their own profiles
that contain a subset of these requirements (see 4.1.4).

5.3 IEC 62264-1 hierarchy model
Replace the first paragraph with the following:
Many of the requirements in Annex A refer to network or application levels in phrases such as
“a wireless handheld device is used in Level 2”. When capitalized, “Level” in this context

refers to the position in the IEC 62264-1 Hierarchy Model. The Level of a referenced object
(e.g. wireless handheld device) is represented by the lowest Level function that it executes.
The zones and conduits model described by IEC 62443-3-2 is referenced by requirements in
Annex A that address, independent of the IEC 62264-1 Hierarchy Model Level, trust
boundaries that subdivide the Automation Solution into partitions referred to as “zones” by
IEC 62443-3-2.
5.5.3 Functional area column
Replace the first paragraph with the following:
This column provides the top level technical organization of the requirements. Table 3
provides a list of the functional areas. The functional areas in this column can be used to
provide a high level summary of the areas in which service providers claim conformance.
However, because the “Architecture” functional area is so broad, its use as a summary level is

– 4 – IEC 62443-2-4:2015/AMD 1:2017

© 2017
limited. Therefore, it is subdivided into three summary levels based on the Topic column (see

5.5.4) values for Architecture as shown below:

Summary Level Topic column
Network Security Devices – Network

Network design
Solution Hardening Devices – All

Devices – Workstations
Risk assessment,
Solution components
Data Protection Data Protection

5.5.7 Requirement description
Add “column” to the title as follows:
Requirement description column
Replace the existing text with the following:
This column contains the textual description of the requirement. It may also contain notes that
are examples provided to help in understanding the requirement.
Each requirement defines a capability required of the service provider. Whether an asset
owner requires the service provider to perform the capability is beyond the scope of this
document.
The term “ensure” is used in many requirements to mean “provide a high level of confidence”.
It is used when the service provider needs to have some means, such as a demonstration,
verification, or process, of providing this level of confidence.
The phrase “commonly accepted by both the security and industrial automation communities”
is used in these requirement descriptions in place of specific security technologies, such as
specific encryption algorithms. This phrase is used to allow evolution of more secure
technologies as a replacement for technologies whose weaknesses have been exposed.
To be compliant to these requirements, service providers will have to use technologies (e.g.

encryption) that are commonly accepted and used by the security and industrial automation
communities at the time compliance is claimed. Technologies that are no longer considered
secure, such as the Digital Encryption Standard (DES) and the Wireless Equivalent Privacy
(WEP) security algorithms, would be non-conformant.

5.5.8 Rationale
Add “column” to the title as follows:
Rationale column
IEC 62443-2-4:2015/AMD 1:2017 – 5 –

© 2017
Annex A – Security requirements
Table A.1 – Security program requirements
Change the text in the “Requirement description” and “Rationale” columns to:
Req ID BR/R Functional Topic Subtopic Doc Requirement description Rationale
E area ?
SP.01.04 BR Solution staffing Background Service provider No The service provider shall have the The capabilities specified by this BR and its REs are
checks capability to ensure that it assigns used to protect the Automation Solution from being
only service provider personnel to staffed with personnel whose trustworthiness may be
Automation Solution related questionable. While the background check cannot
activities who have successfully guarantee trustworthiness, it can identify personnel
passed security-related background who have had trouble with their trustworthiness.
checks, where feasible, and to the
Having this capability means that the service provider
extent allowed by applicable law.
has an identifiable process for verifying the integrity of
the service provider personnel it will assign to work on
the Automation Solution. This requirement also
recognizes that the ability to perform background
checks is not always possible because of applicable
laws or because of lack of support by local authorities
and/or service organizations. For example, there may
be countries that do not prohibit background checks,
but that provide no support for conducting a
background check, making it infeasible or impractical
for the service provider to perform such a check.
How and how often background checks are performed
are left to the service provider. Examples of
background checks include identity verification and
criminal record checks.
– 6 – IEC 62443-2-4:2015/AMD 1:2017

© 2017
Change the text in the “Requirement description” and “Rationale” columns to:
Req ID BR/RE Functional Topic Subtopic Doc Requirement description Rationale
area ?
SP.01.04 RE(1) Solution Background Subcontractor No The service provider shall have the Having this capability means that the service provider
staffing checks capability to ensure that it assigns has an identifiable process for verifying the integrity of
only subcontractors, consultants, the subcontractors, consultants, and representatives of
and representatives to the service provider who will be assigned to work on
Automation Solution related activities the Automation Solution. This requirement also
who have successfully passed recognizes that the ability to perform background
security-related background checks, checks is not always possible because of applicable
where feasible, and to the extent laws or because of lack of support by local authorities
allowed by applicable law. and/or service organizations. For example, there may
be countries that do not prohibit background checks,
but that provide no support for conducting a
background check, making it infeasible or impractical
for the service provider to perform such a check.
How and how often background checks are performed
are left to the service provider. Examples of
background checks include identity verification and
criminal record checks.
See ISO/IEC 27036-3 for additional supply chain
organizational requirements.
IEC 62443-2-4:2015/AMD 1:2017 – 7 –

© 2017
Change the text in the “Requirement description” and “Rationale” columns to:
Req ID BR/RE Functional Topic Subtopic Doc Requirement description Rationale
area ?
SP.01.06 BR Solution Personnel Security lead No The service provider shall have The capability specified by this BR is used to reduce
staffing assignments documented minimum IACS cyber- errors in security decision making and implementation.
security qualifications for security Making poor choices or lacking the ability to properly
lead positio
...


IEC 62443-2-4 ®
Edition 1.0 2017-08
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
A MENDMENT 1
AM ENDEMENT 1
Security for industrial automation and control systems –
Part 2-4: Security program requirements for IACS service providers

Sécurité des automatismes industriels et des systèmes de commande –
Partie 2-4: Exigences de programme de sécurité pour les fournisseurs de
service IACS
IEC 62443-2-4:2015-06/AMD1:2017-08(en-fr)

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.

Droits de reproduction réservés. Sauf indication contraire, aucune partie de cette publication ne peut être reproduite
ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie
et les microfilms, sans l'accord écrit de l'IEC ou du Comité national de l'IEC du pays du demandeur. Si vous avez des
questions sur le copyright de l'IEC ou si vous désirez obtenir des droits supplémentaires sur cette publication, utilisez
les coordonnées ci-après ou contactez le Comité national de l'IEC de votre pays de résidence.

IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé info@iec.ch
CH-1211 Geneva 20 www.iec.ch
Switzerland
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigendum or an amendment might have been published.

IEC publications search - webstore.iec.ch/advsearchform Electropedia - www.electropedia.org
The advanced search enables to find IEC publications by a The world's leading online dictionary on electrotechnology,
variety of criteria (reference number, text, technical containing more than 22 000 terminological entries in English
committee,…). It also gives information on projects, replaced and French, with equivalent terms in 16 additional languages.
and withdrawn publications. Also known as the International Electrotechnical Vocabulary

(IEV) online.
IEC Just Published - webstore.iec.ch/justpublished
Stay up to date on all new IEC publications. Just Published IEC Glossary - std.iec.ch/glossary
details all new publications released. Available online and 67 000 electrotechnical terminology entries in English and
once a month by email. French extracted from the Terms and Definitions clause of
IEC publications issued since 2002. Some entries have been
IEC Customer Service Centre - webstore.iec.ch/csc collected from earlier publications of IEC TC 37, 77, 86 and
If you wish to give us your feedback on this publication or CISPR.

need further assistance, please contact the Customer Service

Centre: sales@iec.ch.
A propos de l'IEC
La Commission Electrotechnique Internationale (IEC) est la première organisation mondiale qui élabore et publie des
Normes internationales pour tout ce qui a trait à l'électricité, à l'électronique et aux technologies apparentées.

A propos des publications IEC
Le contenu technique des publications IEC est constamment revu. Veuillez vous assurer que vous possédez l’édition la
plus récente, un corrigendum ou amendement peut avoir été publié.

Recherche de publications IEC - Electropedia - www.electropedia.org
webstore.iec.ch/advsearchform Le premier dictionnaire d'électrotechnologie en ligne au
La recherche avancée permet de trouver des publications IEC monde, avec plus de 22 000 articles terminologiques en
en utilisant différents critères (numéro de référence, texte, anglais et en français, ainsi que les termes équivalents dans
comité d’études,…). Elle donne aussi des informations sur les 16 langues additionnelles. Egalement appelé Vocabulaire
projets et les publications remplacées ou retirées. Electrotechnique International (IEV) en ligne.

IEC Just Published - webstore.iec.ch/justpublished Glossaire IEC - std.iec.ch/glossary
Restez informé sur les nouvelles publications IEC. Just 67 000 entrées terminologiques électrotechniques, en anglais
Published détaille les nouvelles publications parues. et en français, extraites des articles Termes et Définitions des
Disponible en ligne et une fois par mois par email. publications IEC parues depuis 2002. Plus certaines entrées
antérieures extraites des publications des CE 37, 77, 86 et
Service Clients - webstore.iec.ch/csc CISPR de l'IEC.

Si vous désirez nous donner des commentaires sur cette
publication ou si vous avez des questions contactez-nous:
sales@iec.ch.
IEC 62443-2-4 ®
Edition 1.0 2017-08
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
A MENDMENT 1
AM ENDEMENT 1
Security for industrial automation and control systems –

Part 2-4: Security program requirements for IACS service providers

Sécurité des automatismes industriels et des systèmes de commande –

Partie 2-4: Exigences de programme de sécurité pour les fournisseurs de

service IACS
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
INTERNATIONALE
ICS 25.040.40; 35.110 ISBN 978-2-8322-6486-7

– 2 – IEC 62443-2-4:2015/AMD1:2017
© IEC 2017
FOREWORD
This amendment has been prepared by IEC technical committee 65: Industrial-process
measurement, control and automation.
This bilingual version (20219-02) corresponds to the monolingual English version, published
in 2017-08.
The text of this amendment is based on the following documents:
CDV Report on voting
65/637A/CDV 65/661/RVC
Full information on the voting for the approval of this amendment can be found in the report
on voting indicated in the above table.
The French version of this amendment has not been voted upon.

IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.
_____________
1 Scope
Replace the first paragraph by the following new text:
This part of IEC 62443 specifies a comprehensive set of requirements for security capabilities
for IACS service providers that they can offer to the asset owner during integration and
maintenance activities of an Automation Solution. Because not all requirements apply to all
industry groups and organizations, Subclause 4.1.4 provides for the development of Profiles
that allow for the subsetting of these requirements. Profiles are used to adapt this document
to specific environments, including environments not based on an IACS.
Delete Note 4 and renumber Note 5 to "Note 4".

3.1.14
safety instrumented system
Add the following Note 2 to entry:
Note 2 to entry: Not all industry sectors use this term. This term is not restricted to any specific industry sector,
and it is used generically to refer to systems that enforce functional safety. Other equivalent terms include safety
systems and safety related systems.

© IEC 2017
4.1.4 Profiles
Replace the existing text with the following:
This document recognizes that not all of the requirements in Annex A apply to all industry
sectors/environments. To allow subsetting and adaptation of these requirements, this
document provides for the use of “Profiles”.
Profiles are written as IEC Technical Reports (TRs) by industry groups/sectors or other
organizations, including asset owners and service providers, to select/adapt Annex A
requirements that are most appropriate to their specific needs.
Each TR may define one or more profiles, and each profile identifies a subset of the
requirements defined in Annex A and specifies, where necessary, how specific requirements
are to be applied in the environment where they are to be used.
It is anticipated that asset owners will select these profiles to specify the requirements that
apply to their Automation Solutions.

4.2 Maturity model
Table 1 – Maturity levels
Replace, in the fourth column, row for Level 2, the second paragraph that begins with “At this
level, the service provider has…” by the following:
At this level, the service provider has the capability to manage the delivery and performance of the service
according to written policies (including objectives). The service provider also has evidence to show that personnel
who will perform the service have the expertise, are trained, and/or are capable of following written procedures to
perform the service.
5.1 Contents
Insert the following new paragraph between the first paragraph and the note:
Not all requirements apply to all service providers, and asset owners may request service
providers to perform only a subset of the required capabilities specified in Annex A. In
addition, industry sectors, service providers, and asset owners may define their own profiles
that contain a subset of these requirements (see 4.1.4).

5.3 IEC 62264-1 hierarchy model
Replace the first paragraph with the following:
Many of the requirements in Annex A refer to network or application levels in phrases such as
“a wireless handheld device is used in Level 2”. When capitalized, “Level” in this context
refers to the position in the IEC 62264-1 Hierarchy Model. The Level of a referenced object
(e.g. wireless handheld device) is represented by the lowest Level function that it executes.
The zones and conduits model described by IEC 62443-3-2 is referenced by requirements in
Annex A that address, independent of the IEC 62264-1 Hierarchy Model Level, trust
boundaries that subdivide the Automation Solution into partitions referred to as “zones” by
IEC 62443-3-2.
– 4 – IEC 62443-2-4:2015/AMD1:2017
© IEC 2017
5.5.3 Functional area column
Replace the first paragraph with the following:
This column provides the top level technical organization of the requirements. Table 3
provides a list of the functional areas. The functional areas in this column can be used to
provide a high level summary of the areas in which service providers claim conformance.
However, because the “Architecture” functional area is so broad, its use as a summary level is
limited. Therefore, it is subdivided into three summary levels based on the Topic column (see
5.5.4) values for Architecture as shown below:
Summary Level Topic column
Network Security Devices – Network
Network design
Solution Hardening Devices – All
Devices – Workstations
Risk assessment,
Solution components
Data Protection Data Protection

5.5.7 Requirement description
Add “column” to the title as follows:
Requirement description column
Replace the existing text with the following:
This column contains the textual description of the requirement. It may also contain notes that
are examples provided to help in understanding the requirement.
Each requirement defines a capability required of the service provider. Whether an asset
owner requires the service provider to perform the capability is beyond the scope of this
document.
The term “ensure” is used in many requirements to mean “provide a high level of confidence”.
It is used when the service provider needs to have some means, such as a demonstration,
verification, or process, of providing this level of confidence.
The phrase “commonly accepted by both the security and industrial automation communities”
is used in these requirement descriptions in place of specific security technologies, such as
specific encryption algorithms. This phrase is used to allow evolution of more secure
technologies as a replacement for technologies whose weaknesses have been exposed.
To be compliant to these requirements, service providers will have to use technologies (e.g.
encryption) that are commonly accepted and used by the security and industrial automation
communities at the time compliance is claimed. Technologies that are no longer considered
secure, such as the Digital Encryption Standard (DES) and the Wireless Equivalent Privacy
(WEP) security algorithms, would be non-conformant.

© IEC 2017
5.5.8 Rationale
Add “column” to the title as follows:
Rationale column
– 6 – IEC 62443-2-4:2015/AMD1:2017
© IEC 2017
Annex A – Security requirements
Table A.1 – Security program requirements
Change the text in the “Requirement description” and “Rationale” columns to:
Req ID BR/R Functional Topic Subtopic Doc Requirement description Rationale
E area ?
SP.01.04 BR Solution staffing Background Service provider No The service provider shall have the The capabilities specified by this BR and its REs are
checks capability to ensure that it assigns used to protect the Automation Solution from being
only service provider personnel to staffed with personnel whose trustworthiness may be
Automation Solution related questionable. While the background check cannot
activities who have successfully guarantee trustworthiness, it can identify personnel
passed security-related background who have had trouble with their trustworthiness.
checks, where feasible, and to the
Having this capability means that the service provider
extent allowed by applicable law.
has an identifiable process for verifying the integrity of
the service provider personnel it will assign to work on
the Automation Solution. This requirement also
recognizes that the ability to perform background
checks is not always possible because of applicable
laws or
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

IEC
IEC 60127-8:2018(Main)
Miniature fuses - Part 8: Fuse resistors with particular overcurrent protection

IEC 60127-8:2018 relates to fuse resistors with particular overcurrent protection rated up to AC 500 V and/or DC 500 V for printed circuits and other substrate systems, used for the protection of electric appliances, electronic equipment and component parts thereof, normally intended to be used indoors.
It does not apply to fuse resistors with particular overcurrent protection for appliances intended to be used under special conditions, such as in a corrosive or explosive atmosphere.
The object of this part of IEC 60127 is
a) to establish uniform requirements for fuse resistors with particular overcurrent protection so as to protect appliances or parts of appliances in the most suitable way;
b) to define the performance of the fuse resistors with particular overcurrent protection, so as to give guidance to manufacturers of electrical appliances and electronic equipment and to ensure replacement of fuse resistors with particular overcurrent protection by those of similar dimensions and characteristics;
c) to establish uniform test methods for fuse resistors with particular overcurrent protection, so as to allow verification of the values (for example rated dissipation, functioning characteristic and rated breaking capacity values) specified by the manufacturer.
This part of IEC 60127 applies in addition to the requirements of IEC 60127-1.
This first edition of IEC 60127-8 cancels and replaces IEC PAS 60127-8:2014.
This international standard is to be used in conjunction with IEC 60127-1.
Keywords: Miniature Fuses, Fuse-Resistors, Overcurrent Protection

  • Standard
    25 pages
    English language
    sale 15% off
  • Standard
    52 pages
    English language
    sale 15% off
  • Standard
    49 pages
    English and French language
    sale 15% off
IEC
IEC 61280-2-13:2024(Main)
Fibre optic communication subsystem test procedures - Part 2-13: Digital systems - Measurement of error vector magnitude

IEC 61280-2-13:2024 series defines a procedure for calculating the root-mean-square error vector magnitude of optical n-APSK signals from a set of measured symbols. It specifically defines the normalization of the reference states and a procedure for optimal scaling of the measured symbol states. The procedure described in this document applies to single-polarized optical signals as well as to conventional polarization-multiplexed signals with independently modulated polarization tributaries. In general, it is not advisable to apply these procedures without modification to signals, in which optical amplitude, phase, and polarization state are simultaneously modulated to encode the information data. This document does not specify any signal processing steps for extracting the symbols from the received optical signals, because these steps depend on the optical receiver and can vary with the type of the transmitted n-APSK signal. These and optional additional signal processing steps are defined in application-specific documents.

  • Standard
    49 pages
    English and French language
    sale 15% off
IEC
IEC 60127-8:2018/AMD1:2024(Amendment)
Amendment 1 - Miniature fuses - Part 8: Fuse resistors with particular overcurrent protection
  • Standard
    13 pages
    English and French language
    sale 15% off
IEC
IEC 62024-1:2024(Main)
High frequency inductive components - Electrical characteristics and measuring methods - Part 1: Nanohenry range chip inductor

IEC 62024-1:2024 is available as IEC 62024-1:2024 RLV which contains the International Standard and its Redline version, showing all changes of the technical content compared to the previous edition.IEC 62024-1:2024 specifies the electrical characteristics and measuring methods for the nanohenry range chip inductor that is normally used in the high frequency (over 100 kHz) range.
This edition includes the following significant technical changes with respect to the previous edition:
a) addition of S parameter measurement;
b) addition of the inductance, Q-factor and impedance of an inductor which are measured by the reflection coefficient method with a network analyzer;
c) addition of the resonance frequency of an inductor which is measured by a two-port network analyzer;
d) addition of the mounting method for a surface mounting inductor with Pb-free solder.

  • Standard
    102 pages
    English language
    sale 15% off
  • Standard
    63 pages
    English and French language
    sale 15% off
IEC
IEC 63412-1:2024(Main)
Ultrasonics - Shear-wave elastography - Part 1: Specifications for the user interface

IEC 63412-1:2024 specifies quantities and parameters which it is essential to provide to the user of shear-wave elastography systems, many in the image headers.
This document is applicable to medical-diagnostic, ultrasonic shear-wave elastography systems, exciting (internally or externally) shear waves and tracking their propagation within biological tissue.

  • Standard
    41 pages
    English and French language
    sale 15% off
IEC
IEC TS 62607-9-2:2024(Main)
Nanomanufacturing - Key control characteristics - Part 9-2: Nanomagnetic products - Magnetic field distribution: Magneto-optical indicator film technique

IEC TS 62607-9-2:2024, which is a Technical Specification, establishes a standardized method to determine the key control characteristic
• magnetic field distribution
of nanomagnetic materials, structures and devices by the
• magneto-optical indicator film technique.
The magnetic field distribution is derived by utilizing a magneto optical indicator film, which is a thin film of magneto-optic material that is placed on the surface of an object exhibiting a spatially varying magnetic field distribution. The Faraday effect is then employed to measure the magnetic field strength by analysing the rotation of the polarization plane of light passing through the magneto-optic film.
The method is applicable for measuring the stray field distribution of flat nanomagnetic materials, structures and devices.
- The method can especially be used to perform fast quantitative measurements of stray field distributions at the surface of an object.
- The magneto-optic indicator film technique (MOIF) is a fast, non-destructive method, making it an attractive option for materials analysis and testing in the industry.
- MOIF measurements can be done without any sample preparation and do not rely on specific surface properties of the object. It can be applied to the characterization of rough samples as well as of samples with non-magnetic cover layers.
- MOIF can quantitatively measure magnetic field distributions:
• with a one-shot measurement which typically takes a few seconds
• over areas of several square centimetres (over diameters of up to 15 cm with special techniques)
• in a field range from 1 mT to more than 100 mT
• with down to 1 µm spatial resolution
- Although techniques with nano-scale resolution are suitable for analysing the details of magnetic field structure, their ability to characterize larger areas is limited by their scanning area. Therefore, the MOIF technique is an indispensable complementary method that can offer a more comprehensive understanding of material properties.
This document focuses on the calibration procedures, calibrated measurement process, and evaluation of measurement uncertainty to ensure the traceability of quantitative magnetic field measurements obtained through the magneto-optic indicator film technique.

  • Technical specification
    771 pages
    English language
    sale 15% off
IEC
IEC TS 63336:2024(Main)
Commissioning of VSC HVDC systems

IEC TS 63336:2024, which is a technical specification, applies to the commissioning of voltage-sourced converter (VSC) high voltage direct current (HVDC) systems which consist of two converter stations and the connecting HVDC transmission line.
The tests are generally applied to all HVDC configurations and could require addition or deletion to match the given solution.
This document provides guidance on the planning of commissioning activities. The commissioning described in this document is implemented through on-site testing on the whole system functionality, including testing on the subsystem and system. This document provides the scope, procedures and acceptance criteria of the tests.
Factory system tests, on-site equipment tests, electrode tests, and trial operation are not included in this document.

  • Technical specification
    61 pages
    English language
    sale 15% off
IEC
IEC 63128:2019(Main)
Lighting control interface for dimming - Analogue voltage dimming interface for electronic current sourcing controlgear

IEC 63128:2019 specifies the analogue control interface of controlgear which has the function of controlling the output of the controlgear. The output of the controlgear is controlled between minimum/off and maximum values by the voltage control device sinking the controlgear current source.
This document does not specify safety requirements for the analogue interface of controlgear. Safety requirements are given in IEC 61347 (all parts).

  • Standard
    29 pages
    English language
    sale 15% off
  • Standard
    21 pages
    English and French language
    sale 15% off
IEC
IEC SRD 63476-1:2024(Main)
Smart city system ontology - Part 1: Gap analysis

IEC SRD 63476-1:2024 provides a gap analysis on ontology relevant standards for smart city systems to be used as a base document for mapping, developing and maintaining a set of ontology standards for smart city systems.
Ontology is becoming a key subject in the world of big data, AI, IoT, and smart city system standards. The following benefits of ontology are recognized as important with respect to interoperability, connectivity, traceability of digital content, particularly machine readability, executability and interpretability of digital content for decision making and actions.
- Increase interoperability across domains.
- Enable machine-readable code for computational reasoning and decision making.
- Create semantic linkages between data, information and knowledge systems.
- Build accessible APIs and semantic linkages between web-based data objects.
- Link data domains with shared concepts or canonical data models.
- Connect shared data concepts and definitions between domains.
However, ontology has a variety of definitions in different international standards. How to understand different meanings of ontology and select the right definition for the right stakeholders’ concerns for the right purposes is a big challenge for effective integration of business, data, information, knowledge and decision making, across disciplines, domains, systems, platforms and applications in smart cites. Moreover, how to deal with the grand challenges of interoperability of many and various ontologies to satisfy the demands from artificial intelligence and big data analytics are gaps to be filled in the area of smart city systems. How to develop digital content that is machine readable, executable and interpretable, working in the system without human effort for a smart city system are emerging needs to be studied. There are significant demands for better communication, coordination, cooperation, collaboration and connectivity of existing ontology standards to smart cities practical sectors. This document aims:
• to identify existing ontology standards from different Standards Development Organizations (SDOs) and to provide best practice examples and considerations of ontology standards development and maintenance for smart city systems;
• to identify gaps in existing ontology standards for smart city systems and the opportunities and challenges in ontology standards development taking into account multi-dimensional and muti-domain stakeholders’ concerns city wide, and to provide recommendations for ontology standards development and maintenance to enable integration, interoperability, efficiency and effectiveness of smart city systems.

  • Standardization document
    69 pages
    English language
    sale 15% off
IEC
IEC 60404-1-1:2004(Main)
Magnetic materials - Part 1-1: Classification - Surface insulations of electrical steel sheet, strip and laminations

Establishes a classification of surface insulations for electrical steel sheet, strip and laminations according to their general composition, relative insulating ability and function. These surface insulations are either oxide layers or applied coatings. The purpose of this classification is to create a nomenclature for the various types of surface insulations and to assist users of surface insulations by providing general information about the chemical nature and use of the surface insulations. It is not the intent of this classification to specify insulation requirements in terms of specific values of surface insulation resistance. Such requirements are agreed between the purchaser and the steel producer, where applicable. The classification is used in conjunction with the various specifications for cold rolled electrical steels (see the standards in the IEC 60404-8 series in Clause 2).

  • Standard
    16 pages
    English language
    sale 15% off
  • Standard
    13 pages
    English and French language
    sale 15% off