CLC/TC 65X/WG 03 - Cyber Security

This part of IEC 62443 specifies a scheme for defining (selecting, writing, drafting, creating) IEC 62443 security profiles. This scheme and its specified requirements apply to IEC 62443 security profiles which are planned to be published as part of the upcoming IEC 62443 dedicated security profiles subseries. IEC 62443 security profiles can support interested parties (e.g. during conformity assessment activities) to achieve comparability of assessed IEC 62443 requirements.

This part of IEC 62443 specifies the evaluation methodology to support interested parties (e.g. during conformity assessment activities) to achieve repeatable and reproducible evaluation results against IEC 62443-2-4 requirements. This document is intended for first-party, secondparty or third-party conformity assessment activity, for example by product suppliers, service providers, asset owners and conformity assessment bodies. NOTE 1 62443-2-4 specifies requirements for security capabilities of an IACS service provider. These security capabilities can be offered as a security program during integration and maintenance of an automation solution. NOTE 2 The term “conformity assessment” and the terms first-party conformity assessment activity, second-party conformity assessment activity and third-party conformity assessment activity are defined in ISO/IEC 17000.