IEC TS 62443-1-1:2009
Current
The latest, up-to-date edition.
Industrial communication networks - Network and system security - Part 1-1: Terminology, concepts and models
Hardcopy , PDF , PDF 3 Users , PDF 5 Users , PDF 9 Users
English
30-07-2009
Important note : Users cannot be edited or removed once added to your Multi user PDF.
FOREWORD
INTRODUCTION
1 Scope
1.1 General
1.2 Included functionality
1.3 Systems and interfaces
1.4 Activity-based criteria
1.5 Asset-based criteria
2 Normative references
3 Terms, definitions and abbreviations
3.1 General
3.2 Terms and definitions
3.3 Abbreviations
4 The situation
4.1 General
4.2 Current systems
4.3 Current trends
4.4 Potential impact
5 Concepts
5.1 General
5.2 Security objectives
5.3 Foundational requirements
5.4 Defence in depth
5.5 Security context
5.6 Threat-risk assessment
5.6.1 General
5.6.2 Assets
5.6.3 Vulnerabilities
5.6.4 Risk
5.6.5 Threats
5.6.6 Countermeasures
5.7 Security program maturity
5.7.1 Overview
5.7.2 Maturity phases
5.8 Policies
5.8.1 Overview
5.8.2 Enterprise level policy
5.8.3 Operational policies and procedures
5.8.4 Topics covered by policies and procedures
5.9 Security zones
5.9.1 General
5.9.2 Determining requirements
5.10 Conduits
5.10.1 General
5.10.2 Channels
5.11 Security levels
5.11.1 General
5.11.2 Types of security levels
5.11.3 Factors influencing SL(achieved) of a zone or
conduit
5.11.4 Impact of countermeasures and inherent security
properties of devices and systems
5.12 Security level lifecycle
5.12.1 General
5.12.2 Assess phase
5.12.3 Develop and implement phase
5.12.4 Maintain phase
6 Models
6.1 General
6.2 Reference models
6.2.1 Overview
6.2.2 Reference model levels
6.3 Asset models
6.3.1 Overview
6.3.2 Enterprise
6.3.3 Geographic sites
6.3.4 Area
6.3.5 Lines, units, cells, vehicles
6.3.6 Supervisory control equipment
6.3.7 Control equipment
6.3.8 Field I/O network
6.3.9 Sensors and actuators
6.3.10 Equipment under control
6.4 Reference architecture
6.5 Zone and conduit model
6.5.1 General
6.5.2 Defining security zones
6.5.3 Zone identification
6.5.4 Zone characteristics
6.5.5 Defining conduits
6.5.6 Conduit characteristics
6.6 Model relationships
Bibliography
IEC/TS 62443-1-1:2009(E) is a technical specification which defines the terminology, concepts and models for Industrial Automation and Control Systems (IACS) security. It establishes the basis for the remaining standards in the IEC 62443 series.
| DevelopmentNote |
Stability Date: 2018. (10/2012)
|
| DocumentType |
Technical Specification
|
| ISBN |
978-2-88910-710-0
|
| Pages |
81
|
| PublisherName |
International Electrotechnical Committee
|
| Status |
Current
|
| Standards | Relationship |
| CAN/CSA-IEC/TS 62443-1-1:17 | Identical |
| SA TS IEC 62443.1.1:2024 | Identical |
| PD IEC/TS 62443-1-1:2009 | Identical |
| CAN/CSA-IEC 62443-2-1:17 | Industrial communication networks — Network and system security — Part 2-1: Establishing an industrial automation and control system security program (Adopted IEC 62443-2-1:2010, first edition, 2010-11) | Réseaux industriels de communication — Sécurité dans les réseaux et les systèmes — Partie 2-1 : Établissement d’un programme de sécurité pour les systèmes d’automatisation et de commande industrielles (norme IEC 62443-2-1:2010 adoptée, première édition, 2010-11) |
| AAMI TIR57 : 2016 | PRINCIPLES FOR MEDICAL DEVICE SECURITY - RISK MANAGEMENT |
| AAMI/IEC TIR80001-2-8:2016 | APPLICATION OF RISK MANAGEMENT FOR IT NETWORKS INCORPORATING MEDICAL DEVICES - PART 2-8: APPLICATION GUIDANCE - GUIDANCE ON STANDARDS FOR ESTABLISHING THE SECURITY CAPABILITIES IDENTIFIED IN IEC 80001-2-2 |
| I.S. EN 62734:2015 | INDUSTRIAL NETWORKS - WIRELESS COMMUNICATION NETWORK AND COMMUNICATION PROFILES - ISA 100.11A |
| EN IEC 62933-1:2018 | Electrical Energy Storage (EES) systems - Part 1: Vocabulary |
| EN IEC 62443-4-1:2018 | Security for industrial automation and control systems - Part 4-1: Secure product development lifecycle requirements |
| EN 62453-1:2017 | Field Device Tool (FDT) interface specification - Part 1: Overview and guidance |
| EN 62734:2015 | Industrial networks - Wireless communication network and communication profiles - ISA 100.11a |
| PD ISO/IEC TR 27019:2013 | Information technology. Security techniques. Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry |
| IEC TS 62933-4-1:2017 | Electrical energy storage (EES) systems - Part 4-1: Guidance on environmental issues - General specification |
| 17/30352678 DC : 0 | BS IEC 63074 ED1.0 - SAFETY OF MACHINERY - SECURITY ASPECTS RELATED TO FUNCTIONAL SAFETY OF SAFETY-RELATED CONTROL SYSTEMS |
| 17/30355373 DC : 0 | BS ISO/IEC 27019 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY CONTROLS FOR THE ENERGY UTILITY INDUSTRY |
| IEC 62933-1:2018 | Electrical energy storage (EES) systems - Part 1: Vocabulary |
| I.S. EN 62453-1:2017 | FIELD DEVICE TOOL (FDT) INTERFACE SPECIFICATION - PART 1: OVERVIEW AND GUIDANCE |
| IEC TR 62837:2013 | Energy efficiency through automation systems |
| NEMA CPSP 1 : 2015 | SUPPLY CHAIN BEST PRACTICES |
| PD IEC/TS 62872:2015 | Industrial-process measurement, control and automation system interface between industrial facilities and the smart grid |
| CAN/CSA-IEC 62443-2-4:17 | Security for industrial automation and control systems — Part 2-4: Security program requirements for IACS service providers (Adopted IEC 62443-2-4:2015, first edition, 2015-06) | Sécurité des automatismes industriels et des systèmes de commande — Partie 2-4 : Exigences de programme de sécurité pour les fournisseurs de service IACS (norme IEC 62443-2-4:2015 adoptée, première édition, 2015-06) |
| BS IEC 62443-2-1 : 2010 | INDUSTRIAL COMMUNICATION NETWORKS - NETWORK AND SYSTEM SECURITY - PART 2-1: ESTABLISHING AN INDUSTRIAL AUTOMATION AND CONTROL SYSTEM SECURITY PROGRAM |
| BS EN 62453-1:2017 | Field Device Tool (FDT) interface specification Overview and guidance |
| BS EN 62734:2015 | Industrial networks. Wireless communication network and communication profiles. ISA 100.11a |
| IEC 62443-2-1:2010 | Industrial communication networks - Network and system security - Part 2-1: Establishing an industrial automation and control system security program |
| IEC TR 80001-2-8:2016 | Application of risk management for IT-networks incorporating medical devices - Part 2-8: Application guidance - Guidance on standards for establishing the security capabilities identified in IEC TR 80001-2-2 |
| IEC 62734:2014 | Industrial networks - Wireless communication network and communication profiles - ISA 100.11a |
| PD IEC/TR 61850-90-12:2015 | Communication networks and systems for power utility automation Wide area network engineering guidelines |
| PD IEC/TR 80001-2-8:2016 | Application of risk management for IT-networks incorporating medical devices Application guidance. Guidance on standards for establishing the security capabilities identified in IEC TR 80001-2-2 |
| PD IEC/TR 62794:2012 | Industrial-process measurement, control and automation. Reference modelfor representation of production facilities (digital factory) |
| CAN/CSA-IEC 62443-3-3:17 | Industrial communication networks — Network and system security — Part 3-3: System security requirements and security levels (Adopted IEC 62443-3-3:2013, first edition, 2013-08) |
| I.S. EN IEC 62443-4-1:2018 | SECURITY FOR INDUSTRIAL AUTOMATION AND CONTROL SYSTEMS - PART 4-1: SECURE PRODUCT DEVELOPMENT LIFECYCLE REQUIREMENTS |
| I.S. EN IEC 62933-1:2018 | ELECTRICAL ENERGY STORAGE (EES) SYSTEMS - PART 1: VOCABULARY |
| IEC 62453-1:2016 | Field device tool (FDT) interface specification - Part 1: Overview and guidance |
| IEC TS 62933-5-1:2017 | Electrical energy storage (EES) systems - Part 5-1: Safety considerations for grid-integrated EES systems - General specification |
| BS IEC 62443-3-3:2013 | Industrial communication networks. Network and system security System security requirements and security levels |
| PD IEC/TR 62837:2013 | Energy efficiency through automation systems |
| PD IEC/TS 62832-1:2016 | Industrial-process measurement, control and automation. Digital factory framework General principles |
| PD IEC/TR 62443-2-3:2015 | Security for industrial automation and control systems Patch management in the IACS environment |
| CAN/CSA-IEC/TR 62443-2-3:17 | Security for industrial automation and control systems — Part 2-3: Patch management in the IACS environment (Adopted IEC technical report 62443-2-3:2015, first edition, 2015-06) |
| IEEE 2030.2-2015 | IEEE Guide for the Interoperability of Energy Storage Systems Integrated with the Electric Power Infrastructure |
| IEC TS 62832-1:2016 | Industrial-process measurement, control and automation - Digital factory framework - Part 1: General principles |
| ISO/IEC TR 27019:2013 | Information technology Security techniques Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry |
| IEC TS 62872:2015 | Industrial-process measurement, control and automation system interface between industrial facilities and the smart grid |
| CEI EN IEC 62061:2023 | Safety of machinery - Functional safety of safety-related control systems |
| FIPS PUB 140 : 0001 | SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES |
| IEC 62264-3:2016 | Enterprise-control system integration - Part 3: Activity models of manufacturing operations management |
| IEC 61511-1:2016+AMD1:2017 CSV | Functional safety - Safety instrumented systems for the process industry sector - Part 1: Framework, definitions, system, hardware and application programming requirements |
| IEC 62443-2-1:2010 | Industrial communication networks - Network and system security - Part 2-1: Establishing an industrial automation and control system security program |
| IEC 61508-4:2010 | Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations (see Functional Safety and IEC 61508) |
| ISO 7498-2:1989 | Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture |
| IEC 61512-1:1997 | Batch control - Part 1: Models and terminology |
| IEC 61511-3:2016 | Functional safety - Safety instrumented systems for the process industry sector - Part 3: Guidance for the determination of the required safety integrity levels |
| IEC 62264-1:2013 | Enterprise-control system integration - Part 1: Models and terminology |
| ISO/IEC 15408-1:2009 | Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model |
| IEC 61513:2011 | Nuclear power plants - Instrumentation and control important to safety - General requirements for systems |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.