UNE-EN IEC 62443-4-1:2018
Superseded
A superseded Standard is one, which is fully replaced by another Standard, which is a new edition of the same Standard.
Security for industrial automation and control systems - Part 4-1: Secure product development lifecycle requirements (Endorsed by Asociación Española de Normalización in May of 2018.)
Hardcopy , PDF
English
01-05-2018
10-04-2019
This international standard specifies process requirements for the secure development of
products used in industry automation and control systems. It defines a secure development
life-cycle (SDL) including security requirements definition, secure design, secure
implementation (including coding guidelines), verification and validation, defect management,
patch management and product end-of-life. These requirements can be applied to new or
existing processes for developing, maintaining and retiring hardware, software or firmware for
new or existing products. These requirements apply to the developer and maintainer of the
product, but not to the user of the product.
NOTE This standard does not address security of manufacturing processes.
Figure 2 illustrates how the developed product relates to maintenance and integration
capabilities defined in IEC 62443 2 4 [7] and to its operation by the asset owner. The product
supplier develops products using a process compliant with this standard. Those products may
be a single component, such as an embedded controller, or a group of components working
together as a system or subsystem. The products are then integrated together, usually by a
system integrator, into an automation solution using a process compliant with IEC 62443 2 4.
The automation solution is then installed at a particular site and becomes part of the industrial
automation and control system (IACS). Some of these capabilities reference security
measures defined in IEC 62443 3 3 [10] that the service provider ensures are supported in
the automation solution (either as product features or compensating mechanisms). This
standard only addresses the process used for the development of the product; it does not
address design, installation or operation of the automation solution or IACS.
In Figure 2, the automation solution is illustrated to contain one or more subsystems and
optional supporting components such as advanced control. The dashed boxes indicate that
these components are optional .
NOTE 1 Automation solutions typically have a single product, but they are not restricted to do so. In general, the
automation solution is the set of hardware and software, independent of product packaging, that is used to control
a physical process (for example, continuous or manufacturing) as defined by the asset owner.
NOTE 2 If a service provider provides products used in the automation solution, then the service provider is
fulfilling the role of product supplier in this diagram.
| Committee |
CTN 203/SC 65
|
| DocumentType |
Standard
|
| Pages |
63
|
| PublisherName |
Asociación Española de Normalización
|
| Status |
Superseded
|
| Standards | Relationship |
| IEC 62443-4-1:2018 | Identical |
| EN IEC 62443-4-1:2018 | Identical |
Access your standards online with a subscription
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.
Important note : Users cannot be edited or removed once added to your Multi user PDF.