ANSI/ISA-62443-3-3 (99.03.03):2013
Current
The latest, up-to-date edition.
SECURITY FOR INDUSTRIAL AUTOMATION AND CONTROL SYSTEMS - PART 3-3: SYSTEM SECURITY REQUIREMENTS AND SECURITY LEVELS
Hardcopy, PDF
English
12-08-2013
PREFACE
FOREWORD
0 Introduction
1 Scope
2 Normative references
3 Terms, definitions, abbreviated terms, acronyms, and conventions
4 Common control system security constraints
5 FR 1 - Identification and authentication control
6 FR 2 - Use control
7 FR 3 - System integrity
8 FR 4 - Data confidentiality
9 FR 5 - Restricted data flow
10 FR 6 - Timely response to events
11 FR 7 - Resource availability
Annex A (informative) - Discussion of the SL vector
Annex B (informative) - Mapping of SRs and REs to FR SL levels 1-4
BIBLIOGRAPHY
ANSI/ISA-62443-3-3-2013, Security for Industrial Automation and Control Systems – Part 3-3: System Security Requirements and Security Levels, specifies detailed security requirements for industrial automation and control systems (IACS). It breaks down seven foundational areas (identification and authentication, use control, system integrity, data confidentiality, restricted data flow, timely response to events, and resource availability) into specific system-level functional requirements and enhancements mapped to four progressive security levels. The standard supports designing and evaluating control systems by assigning appropriate security capabilities based on risk assessments and threat complexity, using a flexible architecture model that segments systems into zones and conduits. It emphasizes applying security measures without disrupting essential functions or availability, and it allows compensating countermeasures when direct compliance is impractical. By defining what security capabilities are needed rather than prescribing how to implement them, the framework helps organizations select components and build systems aligned with evolving cyber threats in industrial environments, promoting practical, adaptable protection tailored to operational needs.
| DocumentType | Standard |
| ISBN | 978-0-876640-39-5 |
| Pages | 84 |
| ProductNote | This standard also refers to ANSI/ISA‑TR62443‑1‑2 (TR99.01.02), ANSI/ISA‑62443‑1‑3 (99.01.03), ANSI/ISA‑TR62443‑1‑4 (TR99.01.04), ANSI/ISA‑TR62443‑3‑1 (TR99.03.01) |
| PublisherName | International Society of Automation |
| Status | Current |
| ISA-TR84.00.09:2024 | Cybersecurity Related to the Safety Lifecycle |
| PIP PCEDO001 : 2015 | GUIDELINES FOR CONTROL SYSTEMS DOCUMENTATION |
| ANSI/ISA-62443-4-1:2018 | SECURITY FOR INDUSTRIAL AUTOMATION AND CONTROL SYSTEMS - PART 4-1: PRODUCT SECURITY DEVELOPMENT LIFE-CYCLE REQUIREMENTS |
| ISA 62443-1-1 : 2007 | SECURITY FOR INDUSTRIAL AUTOMATION AND CONTROL SYSTEMS - PART 1: TERMINOLOGY, CONCEPTS, AND MODELS |
| ANSI/ISA-62443-3-2 : 2020 | Security for industrial automation and control systems, Part 3‑2: Security risk assessment for system design |
| ANSI/ISA 62443-4-2:2018 | Security for industrial automation and control systems, Part 4-2: Technical security requirements for IACS components |
| ANSI/ISA-62443-2-4-2018 | Security for industrial automation and control systems, Part 2-4: Security program requirements for IACS service providers (IEC 62443-2-4:2015+AMD1:2017 CSV, IDT) |
| ISA 62443-2-1 : 2009 | SECURITY FOR INDUSTRIAL AUTOMATION AND CONTROL SYSTEMS: ESTABLISHING AN INDUSTRIAL AUTOMATION AND CONTROL SYSTEMS SECURITY PROGRAM |