Security for industrial automation and control systems – Part 4-2: Technical security requirements for IACS components
|Publication Date:||1 February 2019|
|ICS Code (Industrial process measurement and control):||25.040.40|
|ICS Code (IT Security):||35.030|
This part of IEC 62443 provides detailed technical control system component requirements (CRs) associated with the seven foundational requirements (FRs) described in IEC TS 62443- 1-1 including defining the requirements for control system capability security levels and their components, SL-C(component).
As defined in IEC TS 62443-1-1 there are a total of seven foundational requirements (FRs):
a) identification and authentication control (IAC),
b) use control (UC),
c) system integrity (SI),
d) data confidentiality (DC),
e) restricted data flow (RDF),
f) timely response to events (TRE), and
g) resource availability (RA).
These seven FRs are the foundation for defining control system security capability levels. Defining security capability levels for the control system component is the goal and objective of this document as opposed to SL-T or achieved SLs (SL-A), which are out of scope.
NOTE 1 Refer to IEC 62443‑2‑1  for an equivalent set of non-technical, program-related, capability requirements necessary for fully achieving a SL-T(control system).
NOTE 2 The trademarks and trade names mentioned in this document are given for the convenience of users of this document. This information does not constitute an endorsement by IEC of the products named.