DD IEC/PAS 62443-3:2008

Current

The latest, up-to-date edition.

Security for industrial process measurement and control - Network and system security

Available format(s)

Hardcopy, PDF

Language(s)

English

Published date

29-08-2008

INTRODUCTION
1 Scope
2 Normative references
3 Terms, definitions, symbols, abbreviated terms and conventions
  3.1 Terms and definitions
  3.2 Symbols and abbreviated terms
4 Introduction and compliance
5 Principles and reference models
  5.1 General
  5.2 Threat-risk model
  5.3 Security life cycle
  5.4 Policy
  5.5 Generic reference configurations
  5.6 Protection models
6 ICS security policy - Overview
7 ICS security policy - Principles and assumptions
  7.1 ICS security policy - Principles
  7.2 ICS security policy - Assumptions and exclusions
  7.3 ICS security policy - Organization and management
8 ICS security policy - Measures
  8.1 Availability management
  8.2 Integrity management
  8.3 Logical access management
  8.4 Physical access management
  8.5 Partition management
  8.6 External access management
Annex A - Projected new edition of IEC 62443
Bibliography

Describes a framework for securing information and communication technology aspects of industrial process measurement and control systems including its networks and devices on those networks, during the operational phase of the plant's life cycle.

Committee: GEL/65/3
Document type: Standard
Pages: 56
Publisher: British Standards Institution
Status: Current

This PAS establishes a framework for securing information and communication technology aspects of industrial process measurement and control systems including its networks and devices on those networks, during the operational phase of the plant’s life cycle. This PAS provides guidance on a plant’s operational security requirements and is primarily intended for automation system owners/operators (responsible for ICS operation).

Furthermore, the operational requirements of this PAS may interest ICS stakeholders such as:

  • automation system designers;

  • manufacturers (vendors) of devices, subsystems, and systems;

  • integrators of subsystems and systems.

The PAS allows for the following concerns:

  • graceful migration/evolution of existing systems;

  • meeting security objectives with existing COTS technologies and products;

  • assurance of reliability/availability of the secured communications services;

  • applicability to systems of any size and risk (scalability);

  • coexistence of safety, legal and regulatory and automation functionality requirements with security requirements.

NOTE 1 Plants and systems may contain safety critical components and devices. Any safety-related security components may be subject to certification based on IEC 61508 and according to the SILs therein. This PAS does not guarantee that its specifications are all or in part appropriate or sufficient for the security of such safety critical components and devices.

NOTE 2 This PAS does not include requirements for security assurance evaluation and testing.

NOTE 3 The measures provided by this PAS are rather process-based and general in nature than technically specific or prescriptive in terms of technical countermeasures and configurations.

NOTE 4 The procedures of this PAS are written with the plant owner/operator’s mind set.

NOTE 5 This PAS does not cover the concept, design and implementation life cycle processes, i.e. requirements on control equipment manufacturer’s future product development cycle.

NOTE 6 This PAS does not cover the integration of components and subsystems into a system.

NOTE 7 This PAS does not cover procurement for integration into an existing system, i.e. procurement requirements for owner/operators of a plant.

NOTE 8 This PAS will be extended into a 3-part International Standard to cover most of the restrictions expressed in the previous notes; for the planned scope of the extended standards, refer to Annex A.

Standards Relationship
IEC PAS 62443-3:2008 Identical

ISO/IEC 27001:2013 Information technology - Security techniques - Information security management systems - Requirements
ISO/IEC TR 13335-5:2001 Information technology - Guidelines for the management of IT Security - Part 5: Management guidance on network security
ISO/IEC TR 15443-1:2012 Information technology - Security techniques - Security assurance framework - Part 1: Introduction and concepts
ISO/IEC 27002:2013 Information technology - Security techniques - Code of practice for information security controls
ISO/IEC 21827:2008 Information technology - Security techniques - Systems Security Engineering - Capability Maturity Model (SSE-CMM)
ISO/IEC 15288:2008 Systems and software engineering - System life cycle processes
ISO/IEC Guide 73:2002 Risk management - Vocabulary - Guidelines for use in standards
ISO/IEC TR 13335-4:2000 Information technology - Guidelines for the management of IT Security - Part 4: Selection of safeguards
ISO/IEC TR 15446:2017 Information technology - Security techniques - Guidance for the production of protection profiles and security targets
ISO/IEC 13335-1:2004 Information technology - Security techniques - Management of information and communications technology security - Part 1: Concepts and models for information and communications technology security management
