Security for industrial automation and control systems - Part 4-2: Technical security requirements for IACS components

IEC 62443-4-2:2019 provides detailed technical control system component requirements (CRs) associated with the seven foundational requirements (FRs) described in IEC TS 62443-1-1 including defining the requirements for control system capability security levels and their components, SL-C(component).
As defined in IEC TS 62443-1-1 there are a total of seven foundational requirements (FRs):
a) identification and authentication control (IAC),
b) use control (UC),
c) system integrity (SI),
d) data confidentiality (DC),
e) restricted data flow (RDF),
f) timely response to events (TRE), and
g) resource availability (RA).
These seven FRs are the foundation for defining control system security capability levels. Defining security capability levels for the control system component is the goal and objective of this document as opposed to SL-T or achieved SLs (SL-A), which are out of scope.
The contents of the corrigendum of August 2022 have been included in this copy.

Sécurité des systèmes d'automatisation et de commande industrielles - Partie 4-2: Exigences de sécurité technique des composants IACS

IEC 62443-4-2:2019 indique les exigences relatives au composant (CR) d'un système de commande technique ainsi que les sept exigences fondamentales (FR) décrites dans l'IEC TS 62443-1-1, y compris la définition des exigences relatives aux niveaux de sécurité de capacité des systèmes de commande et à leurs composants, SL-C(composant).
Comme l'indique l'IEC TS 62443-1-1, il existe en tout sept exigences fondamentales (FR):
a) contrôle d'identification et d'authentification (IAC),
b) contrôle d'utilisation (UC),
c) intégrité du système (SI),
d) confidentialité des données (DC),
e) transfert de données limité (RDF),
f) réponse appropriée aux événements (TRE), et
g) disponibilité des ressources (RA).
Ces sept exigences fondamentales sont à la base de la définition des niveaux de capacité de sécurité des systèmes de commande. Le présent document a pour objet de définir les niveaux de capacité de sécurité du composant du système de commande, par opposition au SL-T ou aux niveaux de sécurité atteints (SL-A), qui n'entrent pas dans le domaine d'application.
Le contenu du corrigendum d'août 2022 a été pris en considération dans cet exemplaire.

General Information

Status
Published
Publication Date
26-Feb-2019
ICS
25.040.40 - Industrial process measurement and control
 
35.030 - IT Security
Technical Committee
TC 65 - Industrial-process measurement, control and automation
Drafting Committee
WG 10 - TC 65/WG 10
Current Stage
PPUB - Publication issued
Start Date
27-Feb-2019
Completion Date
22-Mar-2019

Relations

Corrected By
IEC 62443-4-2:2019/COR1:2022 - Corrigendum 1 - Security for industrial automation and control systems - Part 4-2: Technical security requirements for IACS components
Effective Date
05-Sep-2023

Overview

IEC 62443-4-2:2019 is an international standard published by the International Electrotechnical Commission (IEC) that specifies the technical security requirements for Industrial Automation and Control System (IACS) components. This standard is a critical part of the IEC 62443 series, focusing on detailed security measures for the components that comprise industrial control systems, enabling manufacturers and integrators to design products that meet robust cybersecurity capabilities.

The document defines requirements aligned with the seven foundational requirements (FRs) introduced in IEC TS 62443-1-1, which are essential for developing secure control systems. The standard aims to establish Security Levels for Control System Components (SL-C) that represent the inherent security features built into these products, distinct from achieved or target security levels.

Key aspects covered include detailed control requirements for identification and authentication, use control, system integrity, data confidentiality, restricted data flows, timely response to security events, and resource availability. IEC 62443-4-2:2019 incorporates updates from the August 2022 corrigendum to ensure compliance with the latest industry security practices.

Key Topics

  • Seven Foundational Requirements (FRs):

    • Identification and Authentication Control (IAC): Ensures robust user and device authentication mechanisms.
    • Use Control (UC): Manages authorization and restricts resource access to legitimate users.
    • System Integrity (SI): Protects system components from unauthorized modification.
    • Data Confidentiality (DC): Guarantees data privacy and protection against unauthorized disclosure.
    • Restricted Data Flow (RDF): Controls data paths to prevent unauthorized data leakage.
    • Timely Response to Events (TRE): Enables swift detection and response to security incidents.
    • Resource Availability (RA): Maintains system operation despite security threats, ensuring uptime.

  • Component Security Constraints: Defines essential constraints such as support for core functions, least privilege enforcement, compensating countermeasures, and adherence to secure software development processes.

  • Detailed Control Requirements: The standard breaks down each foundational requirement into specific technical control requirements (CRs) covering identification, authentication, authorization, session management, auditing, and more, with corresponding security levels to guide implementation rigor.

  • Security Levels for Components (SL-C): Defines capability-based levels that reflect the degree of security inherently built into control system components, facilitating objective assessment for suppliers and users.

Applications

IEC 62443-4-2:2019 plays a pivotal role in enhancing cybersecurity across a wide range of industrial automation and control systems (IACS), including sectors such as:

  • Manufacturing: Securing programmable logic controllers (PLCs), human-machine interfaces (HMIs), and SCADA systems against cyber threats.
  • Energy and Utilities: Protecting critical infrastructure components like energy management systems and distributed control systems.
  • Oil and Gas: Implementing robust security in pipeline control and refinery automation equipment.
  • Transportation: Ensuring safety and integrity of signaling and control components.
  • Building Automation: Enhancing security for HVAC, lighting, and access control devices.

This standard assists product developers and system integrators in embedding security by design, meeting regulatory and customer requirements for cybersecurity, reducing risks of cyberattacks, and supporting compliance with industrial security frameworks.

Related Standards

  • IEC TS 62443-1-1: Provides foundational concepts and models that underpin SL-C definitions and security concepts referenced in IEC 62443-4-2.
  • IEC 62443-2-x series: Focuses on policies and procedures at the organizational and system levels that complement component-level security.
  • IEC 62443-3-x series: Addresses system-level security requirements and security lifecycle guidance for control systems.
  • ISO/IEC 27001: Although broader in scope, this information security management standard complements IEC 62443 series in establishing comprehensive cybersecurity frameworks.
  • NIST SP 800-82: Provides guidelines on industrial control system security aligned with IEC 62443 principles.

By adhering to IEC 62443-4-2:2019, industrial automation suppliers and users can ensure consistent and rigorous technical security measures are implemented within IACS components. This standard contributes significantly to the resilience and reliability of critical infrastructure by fostering secure design, development, and operation of control system components.

IEC 62443-4-2:2019 - Security for industrial automation and control systems - Part 4-2: Technical security requirements for IACS components - Page 1 previewIEC 62443-4-2:2019 - Security for industrial automation and control systems - Part 4-2: Technical security requirements for IACS components - Page 2 previewIEC 62443-4-2:2019 - Security for industrial automation and control systems - Part 4-2: Technical security requirements for IACS components - Page 3 previewIEC 62443-4-2:2019 - Security for industrial automation and control systems - Part 4-2: Technical security requirements for IACS components - Page 4 preview
PreviousNext
Standard

IEC 62443-4-2:2019 - Security for industrial automation and control systems - Part 4-2: Technical security requirements for IACS components

English and French language
192 pages
sale 15% off
Preview
sale 15% off
Preview

Frequently Asked Questions

IEC 62443-4-2:2019 is a standard published by the International Electrotechnical Commission (IEC). Its full title is "Security for industrial automation and control systems - Part 4-2: Technical security requirements for IACS components". This standard covers: IEC 62443-4-2:2019 provides detailed technical control system component requirements (CRs) associated with the seven foundational requirements (FRs) described in IEC TS 62443-1-1 including defining the requirements for control system capability security levels and their components, SL-C(component). As defined in IEC TS 62443-1-1 there are a total of seven foundational requirements (FRs): a) identification and authentication control (IAC), b) use control (UC), c) system integrity (SI), d) data confidentiality (DC), e) restricted data flow (RDF), f) timely response to events (TRE), and g) resource availability (RA). These seven FRs are the foundation for defining control system security capability levels. Defining security capability levels for the control system component is the goal and objective of this document as opposed to SL-T or achieved SLs (SL-A), which are out of scope. The contents of the corrigendum of August 2022 have been included in this copy.

IEC 62443-4-2:2019 provides detailed technical control system component requirements (CRs) associated with the seven foundational requirements (FRs) described in IEC TS 62443-1-1 including defining the requirements for control system capability security levels and their components, SL-C(component). As defined in IEC TS 62443-1-1 there are a total of seven foundational requirements (FRs): a) identification and authentication control (IAC), b) use control (UC), c) system integrity (SI), d) data confidentiality (DC), e) restricted data flow (RDF), f) timely response to events (TRE), and g) resource availability (RA). These seven FRs are the foundation for defining control system security capability levels. Defining security capability levels for the control system component is the goal and objective of this document as opposed to SL-T or achieved SLs (SL-A), which are out of scope. The contents of the corrigendum of August 2022 have been included in this copy.

IEC 62443-4-2:2019 is classified under the following ICS (International Classification for Standards) categories: 25.040.40 - Industrial process measurement and control; 35.030 - IT Security. The ICS classification helps identify the subject area and facilitates finding related standards.

IEC 62443-4-2:2019 has the following relationships with other standards: It is inter standard links to IEC 62443-4-2:2019/COR1:2022. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.

IEC 62443-4-2:2019 is available in PDF format for immediate download after purchase. The document can be added to your cart and obtained through the secure checkout process. Digital delivery ensures instant access to the complete standard document.

Standards Content (Sample)


IEC 62443-4-2 ®
Edition 1.0 2019-02
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
Security for industrial automation and control systems –
Part 4-2: Technical security requirements for IACS components

Sécurité des systèmes d’automatisation et de commande industrielles –
Partie 4-2: Exigences de sécurité technique des composants IACS

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.

Droits de reproduction réservés. Sauf indication contraire, aucune partie de cette publication ne peut être reproduite
ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie
et les microfilms, sans l'accord écrit de l'IEC ou du Comité national de l'IEC du pays du demandeur. Si vous avez des
questions sur le copyright de l'IEC ou si vous désirez obtenir des droits supplémentaires sur cette publication, utilisez
les coordonnées ci-après ou contactez le Comité national de l'IEC de votre pays de résidence.

IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé info@iec.ch
CH-1211 Geneva 20 www.iec.ch
Switzerland
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigendum or an amendment might have been published.

IEC publications search - webstore.iec.ch/advsearchform Electropedia - www.electropedia.org
The advanced search enables to find IEC publications by a The world's leading online dictionary on electrotechnology,
variety of criteria (reference number, text, technical containing more than 22 000 terminological entries in English
committee,…). It also gives information on projects, replaced and French, with equivalent terms in 16 additional languages.
and withdrawn publications. Also known as the International Electrotechnical Vocabulary

(IEV) online.
IEC Just Published - webstore.iec.ch/justpublished
Stay up to date on all new IEC publications. Just Published IEC Glossary - std.iec.ch/glossary
details all new publications released. Available online and 67 000 electrotechnical terminology entries in English and
once a month by email. French extracted from the Terms and Definitions clause of
IEC publications issued since 2002. Some entries have been
IEC Customer Service Centre - webstore.iec.ch/csc collected from earlier publications of IEC TC 37, 77, 86 and
If you wish to give us your feedback on this publication or CISPR.

need further assistance, please contact the Customer Service

Centre: sales@iec.ch.
A propos de l'IEC
La Commission Electrotechnique Internationale (IEC) est la première organisation mondiale qui élabore et publie des
Normes internationales pour tout ce qui a trait à l'électricité, à l'électronique et aux technologies apparentées.

A propos des publications IEC
Le contenu technique des publications IEC est constamment revu. Veuillez vous assurer que vous possédez l’édition la
plus récente, un corrigendum ou amendement peut avoir été publié.

Recherche de publications IEC - Electropedia - www.electropedia.org
webstore.iec.ch/advsearchform Le premier dictionnaire d'électrotechnologie en ligne au
La recherche avancée permet de trouver des publications IEC monde, avec plus de 22 000 articles terminologiques en
en utilisant différents critères (numéro de référence, texte, anglais et en français, ainsi que les termes équivalents dans
comité d’études,…). Elle donne aussi des informations sur les 16 langues additionnelles. Egalement appelé Vocabulaire
projets et les publications remplacées ou retirées. Electrotechnique International (IEV) en ligne.

IEC Just Published - webstore.iec.ch/justpublished Glossaire IEC - std.iec.ch/glossary
Restez informé sur les nouvelles publications IEC. Just 67 000 entrées terminologiques électrotechniques, en anglais
Published détaille les nouvelles publications parues. et en français, extraites des articles Termes et Définitions des
Disponible en ligne et une fois par mois par email. publications IEC parues depuis 2002. Plus certaines entrées
antérieures extraites des publications des CE 37, 77, 86 et
Service Clients - webstore.iec.ch/csc CISPR de l'IEC.

Si vous désirez nous donner des commentaires sur cette
publication ou si vous avez des questions contactez-nous:
sales@iec.ch.
IEC 62443-4-2 ®
Edition 1.0 2019-02
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
Security for industrial automation and control systems –

Part 4-2: Technical security requirements for IACS components

Sécurité des systèmes d’automatisation et de commande industrielles –

Partie 4-2: Exigences de sécurité technique des composants IACS

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
INTERNATIONALE
ICS 25.040.40; 35.030 ISBN 978-2-8322-6597-0

– 2 – IEC 62443-4-2:2019  IEC 2019
CONTENTS
FOREWORD . 12
INTRODUCTION . 14
1 Scope . 17
2 Normative references . 17
3 Terms, definitions, abbreviated terms, acronyms, and conventions . 18
3.1 Terms and definitions . 18
3.2 Abbreviated terms and acronyms . 24
3.3 Conventions . 26
4 Common component security constraints . 27
4.1 Overview. 27
4.2 CCSC 1: Support of essential functions . 27
4.3 CCSC 2: Compensating countermeasures . 27
4.4 CCSC 3: Least privilege . 27
4.5 CCSC 4: Software development process . 27
5 FR 1 – Identification and authentication control . 27
5.1 Purpose and SL-C(IAC) descriptions . 27
5.2 Rationale . 28
5.3 CR 1.1 – Human user identification and authentication . 28
5.3.1 Requirement . 28
5.3.2 Rationale and supplemental guidance. 28
5.3.3 Requirement enhancements . 28
5.3.4 Security levels . 29
5.4 CR 1.2 – Software process and device identification and authentication . 29
5.4.1 Requirement . 29
5.4.2 Rationale and supplemental guidance. 29
5.4.3 Requirement enhancements . 29
5.4.4 Security levels . 30
5.5 CR 1.3 – Account management . 30
5.5.1 Requirement . 30
5.5.2 Rationale and supplemental guidance. 30
5.5.3 Requirement enhancements . 30
5.5.4 Security levels . 30
5.6 CR 1.4 – Identifier management . 30
5.6.1 Requirement . 30
5.6.2 Rationale and supplemental guidance. 30
5.6.3 Requirement enhancements . 31
5.6.4 Security levels . 31
5.7 CR 1.5 – Authenticator management . 31
5.7.1 Requirement . 31
5.7.2 Rationale and supplemental guidance. 31
5.7.3 Requirement enhancements . 32
5.7.4 Security levels . 32
5.8 CR 1.6 – Wireless access management . 32

5.9 CR 1.7 – Strength of password-based authentication . 32
5.9.1 Requirement . 32
5.9.2 Rationale and supplemental guidance. 32
5.9.3 Requirement enhancements . 32
5.9.4 Security levels . 33
5.10 CR 1.8 – Public key infrastructure certificates . 33
5.10.1 Requirement . 33
5.10.2 Rationale and supplemental guidance. 33
5.10.3 Requirement enhancements . 33
5.10.4 Security levels . 33
5.11 CR 1.9 – Strength of public key-based authentication . 34
5.11.1 Requirement . 34
5.11.2 Rationale and supplemental guidance. 34
5.11.3 Requirement enhancements . 35
5.11.4 Security levels . 35
5.12 CR 1.10 – Authenticator feedback . 35
5.12.1 Requirement . 35
5.12.2 Rationale and supplemental guidance. 35
5.12.3 Requirement enhancements . 35
5.12.4 Security levels . 35
5.13 CR 1.11 – Unsuccessful login attempts . 35
5.13.1 Requirement . 35
5.13.2 Rationale and supplemental guidance. 36
5.13.3 Requirement enhancements . 36
5.13.4 Security levels . 36
5.14 CR 1.12 – System use notification . 36
5.14.1 Requirement . 36
5.14.2 Rationale and supplemental guidance. 36
5.14.3 Requirement enhancements . 36
5.14.4 Security levels . 37
5.15 CR 1.13 – Access via untrusted networks . 37
5.16 CR 1.14 – Strength of symmetric key-based authentication . 37
5.16.1 Requirement . 37
5.16.2 Rationale and supplemental guidance. 37
5.16.3 Requirement enhancements . 37
5.16.4 Security levels . 38
6 FR 2 – Use control. 38
6.1 Purpose and SL-C(UC) descriptions . 38
6.2 Rationale . 38
6.3 CR 2.1 – Authorization enforcement . 38
6.3.1 Requirement . 38
6.3.2 Rationale and supplemental guidance. 38
6.3.3 Requirement enhancements . 39
6.3.4 Security levels . 39
6.4 CR 2.2 – Wireless use control . 40
6.4.1 Requirement . 40
6.4.2 Rationale and supplemental guidance. 40
6.4.3 Requirement enhancements . 40
6.4.4 Security levels . 40

– 4 – IEC 62443-4-2:2019  IEC 2019
6.5 CR 2.3 – Use control for portable and mobile devices . 40
6.6 CR 2.4 – Mobile code. 40
6.7 CR 2.5 – Session lock . 40
6.7.1 Requirement . 40
6.7.2 Rationale and supplemental guidance. 41
6.7.3 Requirement enhancements . 41
6.7.4 Security levels . 41
6.8 CR 2.6 – Remote session termination . 41
6.8.1 Requirement . 41
6.8.2 Rationale and supplemental guidance. 41
6.8.3 Requirement enhancements . 41
6.8.4 Security levels . 41
6.9 CR 2.7 – Concurrent session control . 41
6.9.1 Requirement . 41
6.9.2 Rationale and supplemental guidance. 42
6.9.3 Requirement enhancements . 42
6.9.4 Security levels . 42
6.10 CR 2.8 – Auditable events . 42
6.10.1 Requirement . 42
6.10.2 Rationale and supplemental guidance. 42
6.10.3 Requirement enhancements . 42
6.10.4 Security levels . 43
6.11 CR 2.9 – Audit storage capacity . 43
6.11.1 Requirement . 43
6.11.2 Rationale and supplemental guidance. 43
6.11.3 Requirement enhancements . 43
6.11.4 Security levels . 43
6.12 CR 2.10 – Response to audit processing failures . 43
6.12.1 Requirement . 43
6.12.2 Rationale and supplemental guidance. 44
6.12.3 Requirement enhancements . 44
6.12.4 Security levels . 44
6.13 CR 2.11 – Timestamps . 44
6.13.1 Requirement . 44
6.13.2 Rationale and supplemental guidance. 44
6.13.3 Requirement enhancements . 44
6.13.4 Security levels . 44
6.14 CR 2.12 – Non-repudiation . 45
6.14.1 Requirement . 45
6.14.2 Rationale and supplemental guidance. 45
6.14.3 Requirement enhancements . 45
6.14.4 Security levels . 45
6.15 CR 2.13 – Use of physical diagnostic and test interfaces . 45
7 FR 3 – System integrity . 45
7.1 Purpose and SL-C(SI) descriptions . 45
7.2 Rationale . 46

7.3 CR 3.1 – Communication integrity . 46
7.3.1 Requirement . 46
7.3.2 Rationale and supplemental guidance. 46
7.3.3 Requirement enhancements . 47
7.3.4 Security levels . 47
7.4 CR 3.2 – Protection from malicious code . 47
7.5 CR 3.3 – Security functionality verification . 47
7.5.1 Requirement . 47
7.5.2 Rationale and supplemental guidance. 47
7.5.3 Requirement enhancements . 47
7.5.4 Security levels . 48
7.6 CR 3.4 – Software and information integrity . 48
7.6.1 Requirement . 48
7.6.2 Rationale and supplemental guidance. 48
7.6.3 Requirement enhancements . 48
7.6.4 Security levels . 48
7.7 CR 3.5 – Input validation . 48
7.7.1 Requirement . 48
7.7.2 Rationale and supplemental guidance. 49
7.7.3 Requirement enhancements . 49
7.7.4 Security levels . 49
7.8 CR 3.6 – Deterministic output . 49
7.8.1 Requirement . 49
7.8.2 Rationale and supplemental guidance. 49
7.8.3 Requirement enhancements . 49
7.8.4 Security levels . 50
7.9 CR 3.7 – Error handling . 50
7.9.1 Requirement . 50
7.9.2 Rationale and supplemental guidance. 50
7.9.3 Requirement enhancements . 50
7.9.4 Security levels . 50
7.10 CR 3.8 – Session integrity. 50
7.10.1 Requirement . 50
7.10.2 Rationale and supplemental guidance. 51
7.10.3 Requirement enhancements . 51
7.10.4 Security levels . 51
7.11 CR 3.9 – Protection of audit information . 51
7.11.1 Requirement . 51
7.11.2 Rationale and supplemental guidance. 51
7.11.3 Requirement enhancements . 51
7.11.4 Security levels . 51
7.12 CR 3.10 – Support for updates . 52
7.13 CR 3.11 – Physical tamper resistance and detection . 52
7.14 CR 3.12 – Provisioning product supplier roots of trust . 52
7.15 CR 3.13 – Provisioning asset owner roots of trust . 52
7.16 CR 3.14 – Integrity of the boot process . 52
8 FR 4 – Data confidentiality. 52
8.1 Purpose and SL-C(DC) descriptions . 52
8.2 Rationale . 52

– 6 – IEC 62443-4-2:2019  IEC 2019
8.3 CR 4.1 – Information confidentiality . 52
8.3.1 Requirement . 52
8.3.2 Rationale and supplemental guidance. 53
8.3.3 Requirement enhancements . 53
8.3.4 Security levels . 53
8.4 CR 4.2 – Information persistence . 53
8.4.1 Requirement . 53
8.4.2 Rationale and supplemental guidance. 53
8.4.3 Requirement enhancements . 53
8.4.4 Security levels . 54
8.5 CR 4.3 – Use of cryptography . 54
8.5.1 Requirement . 54
8.5.2 Rationale and supplemental guidance. 54
8.5.3 Requirement enhancements . 54
8.5.4 Security levels . 54
9 FR 5 – Restricted data flow . 55
9.1 Purpose and SL-C(RDF) descriptions . 55
9.2 Rationale . 55
9.3 CR 5.1 – Network segmentation . 55
9.3.1 Requirement . 55
9.3.2 Rationale and supplemental guidance. 55
9.3.3 Requirement enhancements . 56
9.3.4 Security levels . 56
9.4 CR 5.2 – Zone boundary protection . 56
9.5 CR 5.3 – General-purpose person-to-person communication restrictions . 56
9.6 CR 5.4 – Application partitioning . 56
10 FR 6 – Timely response to events. 56
10.1 Purpose and SL-C(TRE) descriptions . 56
10.2 Rationale . 57
10.3 CR 6.1 – Audit log accessibility . 57
10.3.1 Requirement . 57
10.3.2 Rationale and supplemental guidance. 57
10.3.3 Requirement enhancements . 57
10.3.4 Security levels . 57
10.4 CR 6.2 – Continuous monitoring . 57
10.4.1 Requirement . 57
10.4.2 Rationale and supplemental guidance. 57
10.4.3 Requirement enhancements . 58
10.4.4 Security levels . 58
11 FR 7 – Resource availability . 58
11.1 Purpose and SL-C(RA) descriptions . 58
11.2 Rationale . 58
11.3 CR 7.1 – Denial of service protection . 59
11.3.1 Requirement . 59
11.3.2 Rationale and supplemental guidance. 59
11.3.3 Requirement enhancements . 59
11.3.4 Security levels . 59

11.4 CR 7.2 – Resource management . 59
11.4.1 Requirement . 59
11.4.2 Rationale and supplemental guidance. 59
11.4.3 Requirement enhancements . 59
11.4.4 Security levels . 59
11.5 CR 7.3 – Control system backup . 60
11.5.1 Requirement . 60
11.5.2 Rationale and supplemental guidance. 60
11.5.3 Requirement enhancements . 60
11.5.4 Security levels . 60
11.6 CR 7.4 – Control system recovery and reconstitution . 60
11.6.1 Requirement . 60
11.6.2 Rationale and supplemental guidance. 60
11.6.3 Requirement enhancements . 60
11.6.4 Security levels . 61
11.7 CR 7.5 – Emergency power . 61
11.8 CR 7.6 – Network and security configuration settings . 61
11.8.1 Requirement . 61
11.8.2 Rationale and supplemental guidance. 61
11.8.3 Requirement enhancements . 61
11.8.4 Security levels . 61
11.9 CR 7.7 – Least functionality . 61
11.9.1 Requirement . 61
11.9.2 Rationale and supplemental guidance. 61
11.9.3 Requirement enhancements . 62
11.9.4 Security levels . 62
11.10 CR 7.8 – Control system component inventory . 62
11.10.1 Requirement . 62
11.10.2 Rationale and supplemental guidance. 62
11.10.3 Requirement enhancements . 62
11.10.4 Security levels . 62
12 Software application requirements . 62
12.1 Purpose . 62
12.2 SAR 2.4 – Mobile code . 62
12.2.1 Requirement . 62
12.2.2 Rationale and supplemental guidance. 63
12.2.3 Requirement enhancements . 63
12.2.4 Security levels . 63
12.3 SAR 3.2 – Protection from malicious code . 63
12.3.1 Requirement . 63
12.3.2 Rationale and supplemental guidance. 63
12.3.3 Requirement enhancements . 63
12.3.4 Security levels . 63
13 Embedded device requirements . 64
13.1 Purpose . 64
13.2 EDR 2.4 – Mobile code . 64
13.2.1 Requirement . 64
13.2.2 Rationale and supplemental guidance. 64
13.2.3 Requirement enhancements . 64

– 8 – IEC 62443-4-2:2019  IEC 2019
13.2.4 Security levels . 64
13.3 EDR 2.13 – Use of physical diagnostic and test interfaces . 64
13.3.1 Requirement . 64
13.3.2 Rationale and supplemental guidance. 65
13.3.3 Requirement enhancements . 65
13.3.4 Security levels . 65
13.4 EDR 3.2 – Protection from malicious code . 65
13.4.1 Requirement . 65
13.4.2 Rationale and supplemental guidance. 65
13.4.3 Requirement enhancements . 66
13.4.4 Security levels . 66
13.5 EDR 3.10 – Support for updates . 66
13.5.1 Requirement . 66
13.5.2 Rationale and supplemental guidance. 66
13.5.3 Requirement enhancements . 66
13.5.4 Security levels . 66
13.6 EDR 3.11 – Physical tamper resistance and detection . 66
13.6.1 Requirement . 66
13.6.2 Rationale and supplemental guidance. 66
13.6.3 Requirement enhancements . 67
13.6.4 Security levels . 67
13.7 EDR 3.12 – Provisioning product supplier roots of trust. 67
13.7.1 Requirement . 67
13.7.2 Rationale and supplemental guidance. 67
13.7.3 Requirement enhancements . 67
13.7.4 Security levels . 68
13.8 EDR 3.13 – Provisioning asset owner roots of trust . 68
13.8.1 Requirement . 68
13.8.2 Rationale and supplemental guidance. 68
13.8.3 Requirement enhancements . 68
13.8.4 Security levels . 68
13.9 EDR 3.14 – Integrity of the boot process . 69
13.9.1 Requirement . 69
13.9.2 Rationale and supplemental guidance. 69
13.9.3 Requirement enhancements . 69
13.9.4 Security levels . 69
14 Host device requirements . 69
14.1 Purpose . 69
14.2 HDR 2.4 – Mobile code . 69
14.2.1 Requirement . 69
14.2.2 Rationale and supplemental guidance. 70
14.2.3 Requirement enhancements . 70
14.2.4 Security levels . 70
14.3 HDR 2.13 – Use of physical diagnostic and test interfaces . 70
14.3.1 Requirement . 70
14.3.2 Rationale and supplemental guidance.
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

Loading comments...