scope:

This part of IEC 62443 specifies the evaluation methodology to support interested parties (e.g. during conformity assessment activities) to achieve repeatable and reproducible evaluation results against IEC 62443-2-4 requirements. This document is intended for first-party, second- party or third-party conformity assessment activity, for example by product suppliers, service providers, asset owners and conformity assessment bodies. NOTE 1 - 62443-2-4 specifies requirements for security capabilities of an IACS service provider. These security capabilities can be offered as a security program during integration and maintenance of an automation solution. NOTE 2 - The term "conformity assessment" and the terms first-party conformity assessment activity, second-party conformity assessment activity and third-party conformity assessment activity are defined in ISO/IEC 17000.