EN IEC 63208:2025
Low-voltage switchgear and controlgear and their assemblies - Security requirements
IEC 63208:2025 This document applies to the main functions of switchgear and controlgear and their assemblies, called equipment, in the context of operational technology (OT 3.1.34). It is applicable to equipment with wired or wireless data communication means and their physical accessibility, within their limits of environmental conditions. It is intended to achieve the appropriate physical and cybersecurity mitigation against vulnerabilities to security threats.
This document provides requirements on the appropriate:
– security risk assessment to be developed including the attack levels, the typical threats, the impact assessment and the relationship with safety;
– levels of exposure of the communication interface and the determination of the equipment security level;
– assessment of the exposure level of the communication interfaces;
– assignment of the required security measures for the equipment;
– countermeasures for the physical access and the environment derived from ISO/IEC 27001;
– countermeasures referring to IEC 62443-4-2 with their criteria of applicability;
– user instructions for installation, operation and maintenance;
– conformance verification and testing, and
– security protection profiles by family of equipment (Annex E to Annex I).
In particular, it focuses on potential vulnerabilities to threats resulting in:
– unintended operation, which can lead to hazardous situations;
– unavailability of the protective functions (overcurrent, earth fault, etc.);
– other degradation of main function.
It also provides guidance on the cybersecurity management with the:
– roles and responsibilities (Table 4);
– typical architectures (Annex A);
– use cases (Annex B);
– development methods (Annex C);
– recommendations to be provided to users and for integration into an assembly (Annex D);
– bridging references to cybersecurity management systems (Annex K).
This document does not cover security requirements for:
– information technology (IT);
– industrial automation and control systems (IACS), engineering workstations and their software applications;
– critical infrastructure or energy management systems;
– network device (communication network switch or virtual private network terminator), or
– data confidentiality other than for critical security parameters;
– design lifecycle management. For this aspect, see IEC 62443-4-1, ISO/IEC 27001 or other security lifecycle management standards.
Niederspannungsschaltgeräte und deren Niederspannungs-Schaltgerätekombinationen - Security Aspekte
Appareillages et ensembles d'appareillages à basse tension - Exigences de sécurité
IEC 63208:2025 This document applies to the main functions of switchgear and controlgear and their assemblies, called equipment, in the context of operational technology (OT, 3.1.34). It applies to equipment fitted with wired or wireless data communication means, and to their physical accessibility, within the limits of their environmental conditions. Its purpose is to ensure appropriate physical security and cybersecurity mitigation against vulnerabilities to security threats.
This document provides requirements on the following appropriate aspects:
– the security risk assessment to be developed, including the attack levels, the typical threats, the impact assessment and the relationship with human safety;
– the levels of exposure of the communication interface and the determination of the equipment security level;
– the assessment of the exposure level of the communication interfaces;
– the assignment of the security measures required for the equipment;
– the countermeasures for physical access and the environment according to ISO/IEC 27001;
– the countermeasures referring to IEC 62443-4-2, with their criteria of applicability;
– the user instructions concerning installation, operation and maintenance;
– conformance verification and testing; and
– the security protection profiles by family of equipment (Annex E to Annex I).
In particular, it focuses on potential vulnerabilities to threats resulting in:
– undesired operation, which can lead to hazardous situations;
– unavailability of the protective functions (overcurrent, earth fault, etc.);
– any other degradation of the main function.
It also provides recommendations on cybersecurity management, with:
– the roles and responsibilities (Table 4);
– the typical architectures (Annex A);
– the use cases (Annex B);
– the development methods (Annex C);
– the recommendations to be provided to users and for integration into an assembly (Annex D);
– the establishment of references to cybersecurity management systems (Annex K).
This document does not provide any security requirements for:
– information technology (IT);
– industrial automation and control systems (IACS), engineering workstations and their software applications;
– critical infrastructure or energy management systems;
– network devices (communication network switch or virtual private network terminator); or
– data confidentiality other than for critical security parameters;
– design lifecycle management. For this aspect, see IEC 62443-4-1, ISO/IEC 27001 or other security lifecycle management standards.
Nizkonapetostne stikalne in krmilne naprave ter njihovi sestavi - Varnostne zahteve (IEC 63208:2025)
This document applies to the main functions of switchgear and controlgear and their assemblies, collectively called "equipment", in the context of operational technology (OT 3.1.34). It applies to equipment with wired or wireless data communication means and their physical accessibility, within the limits of environmental conditions. It is intended to achieve appropriate physical and cyber mitigation of susceptibility to security threats.
This document specifies requirements on the appropriate:
– security risk assessment to be developed, including the attack levels, the typical threats, the impact assessment and the relationship with safety;
– levels of exposure of the communication interface and the determination of the equipment security level;
– assessment of the exposure level of the communication interfaces;
– assignment of the required security measures for the equipment;
– countermeasures for physical access and the environment, derived from ISO/IEC 27001;
– countermeasures referring to IEC 62443-4-2, and their criteria of applicability;
– user instructions for installation, operation and maintenance;
– conformance verification and testing; and
– security profiles by family of equipment (Annexes E to I).
In particular, it focuses on potential susceptibility to threats resulting in:
– unintended operation, which can lead to hazardous situations;
– unavailability of the protective functions (overcurrent, earth fault, etc.);
– other degradation of the main function.
It also contains guidance on cybersecurity management, including:
– roles and responsibilities (Table 4);
– typical architectures (Annex A);
– use cases (Annex B);
– development methods (Annex C);
– recommendations for users and for integration into an assembly (Annex D);
– references to cybersecurity management systems (Annex K).
This document does not cover security requirements for:
– information technology (IT);
– industrial automation and control systems (IACS), engineering workstations and their software applications;
– critical infrastructure or energy management systems;
– network device (communication network switch or virtual private network terminator);
– data confidentiality, other than for critical security parameters;
– design lifecycle management. For this aspect, see IEC 62443-4-1, ISO/IEC 27001 or other security lifecycle management standards.
This document, as a product security publication, is based on IEC Guide 120.
General Information
- Status: Published
- Publication Date: 02-Oct-2025
- Technical Committee: CLC/SR 121 - Switchgear and controlgear and their assemblies for low voltage
- Current Stage: 6060 - Document made available - Publishing
- Start Date: 03-Oct-2025
- Due Date: 19-Dec-2025
- Completion Date: 03-Oct-2025
Overview
EN IEC 63208:2025 - Low-voltage switchgear and controlgear and their assemblies - Security requirements - defines security requirements for low-voltage switchgear and controlgear (equipment) used in operational technology (OT). The standard addresses wired and wireless communication interfaces, physical accessibility and environmental limits, and aims to mitigate physical and cybersecurity vulnerabilities that can cause unintended operation, loss of protective functions (e.g., overcurrent, earth-fault protection) or other degradation of the equipment’s main function.
Key topics and technical requirements
- Security risk assessment: Establishes attack levels, typical threats, impact assessment and the relationship between safety and security.
- Exposure and equipment security levels: Defines how to assess communication interface exposure and determine an equipment security level.
- Assignment of security measures: Maps exposure and risk results to required technical and procedural countermeasures.
- Physical access and environment controls: Countermeasures derived from ISO/IEC 27001 to protect physical access and environmental vectors.
- Technical countermeasures: References IEC 62443-4-2 for component-level security requirements (with applicability criteria).
- User information: Requirements for installation, operation and maintenance instructions to support secure integration and use.
- Conformance verification and testing: Methods and criteria to verify security requirements are met.
- Security protection profiles: Device-family profiles provided in Annex E–I to help manufacturers and integrators align implementations.
- Guidance and governance: Roles and responsibilities (Table 4), typical architectures (Annex A), use cases (Annex B), development methods (Annex C), and integration recommendations (Annex D). Annex K provides bridging references to cybersecurity management systems.
Note: EN IEC 63208:2025 explicitly excludes IT systems, general IACS engineering workstations, critical infrastructure energy management systems, network devices (e.g., switches or VPN terminators), wider data confidentiality (except critical security parameters) and design lifecycle management (see IEC 62443‑4‑1, ISO/IEC 27001 for lifecycle management).
Applications and who uses it
- Manufacturers of low-voltage switchgear and controlgear - to design products that meet OT security requirements and produce compliant user instructions.
- Panel builders and assembly integrators - to evaluate equipment security levels and apply appropriate countermeasures during assembly.
- System integrators and EPC contractors - to assess exposure, perform risk assessment and select equipment consistent with plant architectures.
- Safety and cybersecurity engineers - to align safety/security interactions and validate conformance through testing.
- Asset owners, operators and certification bodies - to specify procurement criteria, perform audits and verify compliance.
Related standards
- IEC 62443 series (notably IEC 62443‑4‑2, IEC 62443‑4‑1)
- ISO/IEC 27001 / ISO/IEC 27005
- IEC 61439-1 and IEC 60947 series for switchgear/assembly design
- ISO/IEC 15408 and device baseline standards for security evaluation
EN IEC 63208:2025 is essential reading for anyone specifying, designing, testing or operating secure low-voltage switchgear and controlgear in OT environments. Keywords: EN IEC 63208:2025, low-voltage switchgear, controlgear security, OT cybersecurity, IEC 62443, ISO/IEC 27001.
Frequently Asked Questions
EN IEC 63208:2025 is a standard published by CLC. Its full title is "Low-voltage switchgear and controlgear and their assemblies - Security requirements". This standard covers: IEC 63208:2025 This document applies to the main functions of switchgear and controlgear and their assemblies, called equipment, in the context of operational technology (OT 3.1.34). It is applicable to equipment with wired or wireless data communication means and their physical accessibility, within their limits of environmental conditions. It is intended to achieve the appropriate physical and cybersecurity mitigation against vulnerabilities to security threats. This document provides requirements on the appropriate: – security risk assessment to be developed including the attack levels, the typical threats, the impact assessment and the relationship with safety; – levels of exposure of the communication interface and the determination of the equipment security level; – assessment of the exposure level of the communication interfaces; – assignment of the required security measures for the equipment; – countermeasures for the physical access and the environment derived from ISO/IEC 27001; – countermeasures referring to IEC 62443-4-2 with their criteria of applicability; – user instructions for installation, operation and maintenance; – conformance verification and testing, and – security protection profiles by family of equipment (Annex E to Annex I). In particular, it focuses on potential vulnerabilities to threats resulting in: – unintended operation, which can lead to hazardous situations; – unavailability of the protective functions (overcurrent, earth fault, etc.); – other degradation of main function. 
It also provides guidance on the cybersecurity management with the: – roles and responsibilities (Table 4); – typical architectures (Annex A); – use cases (Annex B); – development methods (Annex C); – recommendations to be provided to users and for integration into an assembly (Annex D); – bridging references to cybersecurity management systems (Annex K). This document does not cover security requirements for: – information technology (IT); – industrial automation and control systems (IACS), engineering workstations and their software applications; – critical infrastructure or energy management systems; – network device (communication network switch or virtual private network terminator), or – data confidentiality other than for critical security parameters; – design lifecycle management. For this aspect, see IEC 62443-4-1, ISO/IEC 27001 or other security lifecycle management standards.
EN IEC 63208:2025 is classified under the following ICS (International Classification for Standards) categories: 29.130.20 - Low voltage switchgear and controlgear. The ICS classification helps identify the subject area and facilitates finding related standards.
Standards Content (Sample)
SLOVENIAN STANDARD
01-November-2025
Nizkonapetostne stikalne in krmilne naprave ter njihovi sestavi - Varnostne zahteve (IEC 63208:2025)
Low-voltage switchgear and controlgear and their assemblies - Security requirements (IEC 63208:2025)
Niederspannungsschaltgeräte und deren Niederspannungs-Schaltgerätekombinationen - Security Aspekte (IEC 63208:2025)
Appareillages et ensembles d'appareillages à basse tension - Exigences de sécurité (IEC 63208:2025)
This Slovenian standard is identical to: EN IEC 63208:2025
ICS: 29.130.20 Low voltage switchgear and controlgear
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.
EUROPEAN STANDARD
NORME EUROPÉENNE
EUROPÄISCHE NORM
EN IEC 63208
October 2025
ICS 29.130.20
English Version
Low-voltage switchgear and controlgear and their assemblies - Security requirements (IEC 63208:2025)
Appareillages et ensembles d'appareillages à basse tension - Exigences de sécurité (IEC 63208:2025)
Niederspannungsschaltgeräte und deren Niederspannungs-Schaltgerätekombinationen - Security Aspekte (IEC 63208:2025)
This European Standard was approved by CENELEC on 2025-09-26. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the
Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Türkiye and the United Kingdom.
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2025 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN IEC 63208:2025 E
European foreword
The text of document 121/221/FDIS, future edition 1 of IEC 63208, prepared by TC 121 "Switchgear
and controlgear and their assemblies for low voltage" was submitted to the IEC-CENELEC parallel
vote and approved by CENELEC as EN IEC 63208:2025.
The following dates are fixed:
• latest date by which the document has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2026-10-31
• latest date by which the national standards conflicting with the document have to be withdrawn (dow): 2028-10-31
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.
Any feedback and questions on this document should be directed to the users’ national committee. A
complete listing of these bodies can be found on the CENELEC website.
Endorsement notice
The text of the International Standard IEC 63208:2025 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standard indicated:
IEC 60204-1:2016 NOTE Approved as EN 60204-1:2018
IEC 60364-1 NOTE Approved as HD 60364-1
IEC 60364-4-41 NOTE Approved as HD 60364-4-41
IEC 60364-4-43 NOTE Approved as HD 60364-4-43
IEC 60870-5 (series) NOTE Approved as EN 60870-5 (series)
IEC 60947-2 NOTE Approved as EN IEC 60947-2
IEC 60947-4-1 NOTE Approved as EN IEC 60947-4-1
IEC 60947-4-2 NOTE Approved as EN IEC 60947-4-2
IEC 60947-4-3 NOTE Approved as EN IEC 60947-4-3
IEC 60947-5-1 NOTE Approved as EN IEC 60947-5-1
IEC 60947-5-2 NOTE Approved as EN IEC 60947-5-2
IEC 60947-5-3 NOTE Approved as EN 60947-5-3
IEC 60947-5-5 NOTE Approved as EN 60947-5-5
IEC 60947-5-7 NOTE Approved as EN IEC 60947-5-7
IEC 60947-6-1 NOTE Approved as EN IEC 60947-6-1
IEC 60947-6-2 NOTE Approved as EN IEC 60947-6-2
IEC 61439-1:2020 NOTE Approved as EN IEC 61439-1:2021 (not modified)
IEC 61508-2 NOTE Approved as EN 61508-2
IEC 61439-2 NOTE Approved as EN IEC 61439-2
IEC 62061 NOTE Approved as EN IEC 62061
IEC 62264-1 NOTE Approved as EN 62264-1
IEC 62351 (series) NOTE Approved as EN IEC 62351 (series)
IEC 62351-5 NOTE Approved as EN IEC 62351-5
IEC 62351-6 NOTE Approved as EN IEC 62351-6
IEC 62351-8 NOTE Approved as EN IEC 62351-8
IEC 62351-9 NOTE Approved as EN IEC 62351-9
IEC 62443 (series) NOTE Approved as EN IEC 62443 (series)
IEC 62443-2-1 NOTE Approved as EN IEC 62443-2-1
IEC 62443-2-4 NOTE Approved as EN IEC 62443-2-4
IEC 62443-3-3:2013 NOTE Approved as EN IEC 62443-3-3:2019 (not modified)
IEC 62559-2:2015 NOTE Approved as EN 62559-2:2015 (not modified)
IEC/TR 63069 NOTE Approved as CLC IEC/TR 63069
IEC/TR 63201:2019 NOTE Approved as CLC IEC/TR 63201:2020 (not modified)
ISO/IEC 15408-1:2022 NOTE Approved as EN ISO/IEC 15408-1:2023 (not modified)
ISO/IEC 15408-2:2022 NOTE Approved as EN ISO/IEC 15408-2:2023 (not modified)
ISO/IEC 27000:2018 NOTE Approved as EN ISO/IEC 27000:2020 (not modified)
ISO/IEC 27002:2022 NOTE Approved as EN ISO/IEC 27002:2022 (not modified)
ISO/TS 14441:2013 NOTE Approved as CEN ISO/TS 14441:2013 (not modified)
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments)
applies.
NOTE 1 Where an International Publication has been modified by common modifications, indicated by (mod),
the relevant EN/HD applies.
NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is available
here: www.cencenelec.eu.
| Publication | Year | Title | EN/HD | Year |
|---|---|---|---|---|
| IEC 60364-7-729 | - | Low-voltage electrical installations - Part 7-729: Requirements for special installations or locations - Operating or maintenance gangways | HD 60364-7-729 | - |
| IEC 60947-1 | 2020 | Low-voltage switchgear and controlgear - Part 1: General rules | EN IEC 60947-1 | 2021 |
| IEC 61439-1 | 2020 | Low-voltage switchgear and controlgear assemblies - Part 1: General rules | EN IEC 61439-1 | 2021 |
| IEC 62443-3-2 | 2020 | Security for industrial automation and control systems - Part 3-2: Security risk assessment for system design | EN IEC 62443-3-2 | 2020 |
| IEC 62443-4-1 | 2018 | Security for industrial automation and control systems - Part 4-1: Secure product development lifecycle requirements | EN IEC 62443-4-1 | 2018 |
| IEC 62443-4-2 | 2019 | Security for industrial automation and control systems - Part 4-2: Technical security requirements for IACS components | EN IEC 62443-4-2 | 2019 |
| IEC/TS 62443-6-2 | 2025 | Security for industrial automation and control systems - Part 6-2: Security evaluation methodology for IEC 62443-4-2 | - | - |
| ISO/IEC 27001 | 2022 | Information security, cybersecurity and privacy protection - Information security management systems - Requirements | EN ISO/IEC 27001 | 2023 |
| + A1 | 2024 | | + A1 | 2024 |
| ISO/IEC 27005 | 2022 | Information security, cybersecurity and privacy protection - Guidance on managing information security risks | EN ISO/IEC 27005 | 2024 |
| ISO/IEC 27402 | 2023 | Cybersecurity - IoT security and privacy - Device baseline requirements | - | - |
IEC 63208
Edition 1.0 2025-08
INTERNATIONAL STANDARD
Low-voltage switchgear and controlgear and their assemblies - Security requirements
ICS 29.130.20 ISBN 978-2-8327-0604-6
IEC 63208:2025-08(en)
IEC 63208:2025 © IEC 2025
CONTENTS
FOREWORD. 8
INTRODUCTION . 10
1 Scope . 12
2 Normative references . 13
3 Terms, definitions and abbreviated terms . 13
3.1 Terms and definitions . 13
3.2 Abbreviated terms . 19
4 General . 20
5 Security objectives . 20
6 Security lifecycle management . 20
6.1 General . 20
6.2 Security risk assessment . 22
6.2.1 General . 22
6.2.2 Relationship between safety and security . 23
6.2.3 Impact assessment . 24
6.2.4 Security risk assessment result . 24
6.3 Response to security risk . 24
6.4 Security requirement specification . 25
6.5 Roles and responsibilities . 25
6.6 Important data . 26
6.7 Control system architecture . 26
6.7.1 Control system . 26
6.7.2 Levels of communication functionalities . 26
6.7.3 Levels of connectivity . 28
6.7.4 Exposure levels of equipment . 30
6.7.5 Equipment security levels . 30
6.7.6 Security protection profile . 31
7 Security requirements . 32
7.1 General . 32
7.2 Physical access and environment . 32
7.2.1 PA – Physical access and environment requirement . 32
7.2.2 Physical access and environment rationale . 32
7.2.3 PA-e – Physical access and environment enhancement . 33
7.2.4 Physical access and environment typical implementation . 34
7.3 Equipment requirement . 34
7.3.1 General . 34
7.3.2 FR 1 – Identification and authentication control . 35
7.3.3 FR 2 – Use control . 39
7.3.4 FR 3 – System integrity . 44
7.3.5 FR 4 – Data confidentiality . 50
7.3.6 FR 5 – Restricted data flow . 51
7.3.7 FR 6 – Timely response to events . 51
7.3.8 FR 7 – Resource availability . 52
8 Instructions for installation, operation and maintenance . 55
8.1 User instruction requirement . 55
8.2 User instruction enhancement . 56
IEC 63208:2025 © IEC 2025
8.3 User instruction implementation . 56
9 Conformance verification and testing. 57
9.1 General . 57
9.2 Design documentation . 57
9.3 Physical access . 57
9.3.1 Verification of physical access and environment . 57
9.3.2 Verdict criterion . 57
9.3.3 Physical access and environment enhancement . 57
9.3.4 Verdict criterion . 57
9.4 FR 1 – Identification and authentication control . 57
9.4.1 CR 1.1 – Human user identification and authentication . 57
9.4.2 CR 1.2 – Software and equipment identification and authentication . 58
9.4.3 CR 1.5 – Authenticator management . 58
9.4.4 CR 1.7 – Strength of password-based authentication . 59
9.4.5 CR 1.8 – Public key infrastructure certificates . 59
9.4.6 CR 1.9 – Strength of public key-based authentication . 60
9.4.7 CR 1.10 – Authenticator feedback . 60
9.4.8 CR 1.11 – Unsuccessful login attempts . 60
9.4.9 CR 1.14 – Strength of symmetric key-based authentication . 61
9.5 FR 2 – Use control . 61
9.5.1 CR 2.1 – Authorisation enforcement . 61
9.5.2 CR 2.2 – Wireless use control . 61
9.5.3 EDR 2.4 – Mobile code . 62
9.5.4 CR 2.5 – Session lock . 62
9.5.5 CR 2.6 – Remote session termination . 62
9.5.6 CR 2.7 – Concurrent session control . 63
9.5.7 CR 2.8 – Auditable events . 63
9.5.8 CR 2.9 – Audit storage capacity . 63
9.5.9 CR 2.10 – Response to audit processing failures . 64
9.5.10 CR 2.11 – Timestamps . 64
9.5.11 CR 2.12 – Non-repudiation . 65
9.5.12 EDR 2.13 – Use of physical diagnostic and test interfaces . 65
9.6 FR 3 – System integrity . 65
9.6.1 CR 3.1 – Communication integrity . 65
9.6.2 EDR 3.2 – Protection from malicious code . 66
9.6.3 CR 3.3 – Security functionality verification . 66
9.6.4 CR 3.4 – Software and information integrity . 66
9.6.5 CR 3.5 – Input validation . 67
9.6.6 CR 3.6 – Deterministic output . 67
9.6.7 CR 3.7 – Error handling . 67
9.6.8 CR 3.8 – Session Integrity . 67
9.6.9 CR 3.9 – Protection of audit information . 68
9.6.10 EDR 3.10 – Support for updates . 68
9.6.11 EDR 3.11 – Physical tamper resistance and detection . 68
9.6.12 EDR 3.12 – Provisioning product supplier roots of trust . 69
9.6.13 EDR 3.13 – Provisioning asset owner roots of trust . 69
9.6.14 EDR 3.14 – Integrity of the boot process. 69
9.7 FR 4 – Data confidentiality . 70
9.7.1 CR 4.1 – Information confidentiality . 70
IEC 63208:2025 © IEC 2025
9.7.2 CR 4.3 – Use of cryptography
9.8 FR 6 – Timely response to events
9.8.1 CR 6.1 – Audit log accessibility
9.9 FR 7 – Resource availability
9.9.1 CR 7.1 – Denial of service protection
9.9.2 CR 7.2 – Resource management
9.9.3 CR 7.3 – Control system backup
9.9.4 CR 7.4 – Control system recovery and reconstitution
9.9.5 CR 7.6 – Network and security configuration settings
9.9.6 CR 7.7 – Least functionality
9.9.7 CR 7.8 – Control system inventory
Annex A (informative) Cybersecurity and electrical system architecture
A.1 General
A.2 Typical architecture involving switchgear, controlgear and their assembly
A.2.1 Building
A.2.2 Manufacturing
Annex B (informative) Use case studies
B.1 General
B.2 Use case 1 – Protection against Denial of Service (DoS) attack
B.3 Use case 2 – Protection against unauthorised modification of sensing device
B.4 Use case 3 – Protection against unauthorised modification of wireless equipment
B.5 Use case 4 – Protection against threat actor remotely taking control of a "managing" intelligent assembly
Annex C (informative) Development methods of cybersecurity measures
Annex D (informative) Security related instructions in the product documentation
D.1 General
D.2 Risk assessment and security planning
D.2.1 Risk assessment
D.2.2 Security plan
D.3 Recommendations for design and installation of the system integrating switchgear, controlgear and their assemblies
D.3.1 General access control
D.3.2 Recommendations for local access
D.3.3 Recommendations for remote access
D.3.4 Recommendations for firmware upgrades
D.3.5 Recommendations for the end of life
D.4 Instructions for an assembly
Annex E (normative) Security protection profile of soft-starter and semiconductor controller
E.1 Introduction
E.1.1 Security protection profile reference
E.1.2 Target of evaluation overview
E.1.3 General mission objectives
E.1.4 Features
E.1.5 Product usage
E.1.6 Users
E.2 Assumptions
E.3 Conformance claims and conformance statement
E.4 Security problem definition
E.4.1 Critical assets of the environment
E.4.2 ToE critical assets
E.4.3 Threat model
E.5 Security objectives
E.6 Security requirements
E.6.1 Security functional requirements
E.6.2 Security assurance requirements
Annex F (normative) Security protection profile of network connected motor starter
F.1 Introduction
F.1.1 Security protection profile reference
F.1.2 Target of evaluation overview
F.1.3 General mission objectives
F.1.4 Features
F.1.5 Product usage
F.1.6 Users
F.2 Assumptions
F.3 Conformance claims and conformance statement
F.4 Security problem definition
F.4.1 Critical assets of the environment
F.4.2 ToE critical assets
F.4.3 Threat model
F.5 Security objectives
F.6 Security requirements
F.6.1 Security functional requirements
F.6.2 Security assurance requirements
Annex G (normative) Security protection profile of circuit-breaker
G.1 Introduction
G.1.1 Security protection profile reference
G.1.2 Target of evaluation overview
G.1.3 General mission objectives
G.1.4 Features
G.1.5 Product usage
G.1.6 Users
G.2 Assumptions
G.3 Conformance claims and conformance statement
G.4 Security problem definition
G.4.1 Critical assets of the environment
G.4.2 ToE critical assets
G.4.3 Threat model
G.5 Security objectives
G.6 Security requirements
G.6.1 Security functional requirements
G.6.2 Security assurance requirements
Annex H (normative) Security protection profile of transfer switch equipment
H.1 Introduction
H.1.1 Security protection profile reference
H.1.2 Target of evaluation overview
H.1.3 General mission objectives
H.1.4 Features
H.1.5 Product usage
H.1.6 Users
H.2 Assumptions
H.3 Conformance claims and conformance statement
H.4 Security problem definition
H.4.1 Critical assets of the environment
H.4.2 ToE critical assets
H.4.3 Threat model
H.5 Security objectives
H.6 Security requirements
H.6.1 Security functional requirements
H.6.2 Security assurance requirements
Annex I (normative) Security protection profile for wireless controlgear with its communication interface
I.1 Introduction
I.1.1 Security protection profile reference
I.1.2 Target of evaluation overview
I.1.3 General mission objectives
I.1.4 Features
I.1.5 Product usage
I.1.6 Users
I.2 Assumptions
I.3 Conformance claims and conformance statement
I.4 Security problem definition
I.4.1 Critical assets of the environment
I.4.2 ToE critical assets
I.4.3 Threat model
I.5 Security objectives
I.6 Security requirements
I.6.1 Security functional requirements
I.6.2 Security assurance requirements
Annex J (informative) Equipment requirements by level of exposure
Annex K (informative) Bridging references to cybersecurity management systems
Annex L (informative) Mapping of provisions to the essential cybersecurity requirements of the European Cyber Resilient Act Annexes
Bibliography
Figure 1 – Standard landscape
Figure 2 – Example of physical interfaces of an embedded device in an equipment which can be subject to an attack
Figure 3 – Example of relation between security and safety
Figure 4 – Control system architecture with switchgear and controlgear
Figure 5 – Control system connectivity level C1
Figure 6 – Control system connectivity level C2
Figure 7 – Control system connectivity level C3
Figure 8 – Control system connectivity level C4
Figure 9 – Control system connectivity level C5
Figure 10 – Structure of a security protection profile
Figure 11 – Example of security instruction symbol
Figure A.1 – Building electrical architecture
Figure A.2 – Industrial plants
Figure E.1 – Machinery control architecture
Figure F.1 – Machinery control architecture
Figure G.1 – Circuit-breaker in its environment
Figure H.1 – Functional units of the transfer switch equipment
Figure I.1 – Machinery control architecture
Table 1 – Potential attack levels
Table 2 – Typical threats
Table 3 – Impact evaluation
Table 4 – Roles related to security responsibilities
Table 5 – Level of exposure of an equipment
Table 6 – Equipment security level
Table 7 – Physical access related requirement references
Table 8 – Physical access enhancement related requirement references
Table B.1 – List of actors
Table B.2 – Base line requirement
Table B.3 – Security problems of use cases
Table E.1 – Security requirements for the critical assets of the environment
Table E.2 – Security requirements for the critical assets
Table E.3 – Security functional requirements
Table F.1 – Security requirements for the critical assets of the environment
Table F.2 – Security requirements for the critical assets
Table F.3 – Security functional requirements
Table G.1 – Security requirements for the critical assets of the environment
Table G.2 – Security requirements for the critical assets
Table G.3 – Security functional requirements
Table H.1 – Security requirements for the critical assets of the environment
Table H.2 – Security requirements for the critical assets
Table H.3 – Security functional requirements
Table I.1 – Security requirements for the critical assets of the environment
Table I.2 – Security requirements for the critical assets
Table I.3 – Security functional requirements
Table J.1 – Equipment requirements by level of exposure
Table K.1 – Useful security standards
Table K.2 – Contribution of switchgear, controlgear and their assemblies to ISO and IEC horizontal security framework
Table K.3 – Mapping to other security framework
Table K.4 – Requirements for IACS not relevant for switchgear, controlgear and their assemblies
Table K.5 – Requirements for IoT device not relevant for switchgear, controlgear and their assemblies
Table L.1 – Mapping to the essential cybersecurity requirements of the CRA Annex I
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
Low-voltage switchgear and controlgear and their assemblies -
Security requirements
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international
co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and
in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports,
Publicly Available Specifications (PAS) and Guides (hereafter referred to as "IEC Publication(s)"). Their
preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with
may participate in this preparatory work. International, governmental and non-governmental organizations liaising
with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for
Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence between
any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for
...
The SIST EN IEC 63208:2025 standard proves to be an essential document for the field of low-voltage equipment, with particular emphasis on security requirements. The scope of this standard covers not only the main functions of switchgear and controlgear assemblies, but also their data communication means, whether wired or wireless. One of the strengths of this standard lies in its comprehensive approach to security risk assessment, which includes the analysis of attack levels, typical threats, and the impact on security. The standard provides precise requirements for assessing the exposure level of communication interfaces and determining the security level of equipment. By assigning adequate security measures, it helps strengthen resilience against potential threats. The document also addresses countermeasures for physical access and the environment, referring to recognised standards such as ISO/IEC 27001 and IEC 62443-4-2, which demonstrates its relevance to cybersecurity best practice. Another asset of this standard is its ability to guide users in the installation, operation and maintenance of equipment, while offering security protection profiles by family of equipment, which is particularly useful for integrators and end users. In addition, the standard takes into account the specific vulnerabilities that can lead to improper operation and compromise the availability of protective functions. However, it is important to note that this standard does not apply to information technology (IT) systems, which could limit its use in a setting that integrates industrial automation systems or critical infrastructure.
Nevertheless, its equivalence with other security life-cycle management standards such as IEC 62443-4-1 and ISO/IEC 27001 reinforces its value as a solid basis for establishing suitable security requirements. In conclusion, the SIST EN IEC 63208:2025 standard positions itself as a fundamental document, offering clear guidelines and consistent requirements to ensure optimal security of low-voltage equipment and their assemblies in a constantly evolving technological environment.
The EN IEC 63208:2025 standard serves a critical role in the context of low-voltage switchgear and controlgear and their assemblies, specifically focusing on security requirements. This document is primarily aimed at operational technology (OT) environments, making it highly relevant to equipment that relies on both wired and wireless data communication methods. One of the standout strengths of this standard is its comprehensive approach to addressing security vulnerabilities. It mandates a robust security risk assessment framework that evaluates attack levels, typical threats, and impact assessments, which is essential for establishing a solid foundation for mitigating security risks. Additionally, the emphasis on physical accessibility within environmental limits underscores the standard’s relevance in practical applications. The document provides clear requirements for determining equipment security levels and exposure assessments of communication interfaces. This structured requirement is integral for organizations seeking to implement effective cybersecurity measures tailored to their specific equipment. By outlining the assignment of necessary security measures and countermeasures referencing ISO/IEC 27001 and IEC 62443-4-2, the standard underscores its commitment to maintaining both physical and cybersecurity. Moreover, EN IEC 63208:2025 effectively addresses potential vulnerabilities that can lead to unintended operations or degradation of main functions, emphasizing the importance of maintaining operational integrity in low-voltage systems. The inclusion of user instructions for installation, operation, and maintenance aids in ensuring that users are well-informed and equipped to manage security considerations throughout the lifecycle of the equipment. 
The guidance on cybersecurity management, illustrated through roles and responsibilities, architectures, use cases, and developmental methods, further enhances the document’s value as a go-to resource for integrating cybersecurity into equipment assemblies. The bridging references to cybersecurity management systems illustrate its relevance within a broader security framework. In summary, the EN IEC 63208:2025 standard is a vital reference for those involved in the development and management of low-voltage switchgear and controlgear assemblies, providing comprehensive requirements that are essential for enhancing the security posture of operational technology systems.
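The SIST EN IEC 63208:2025 standard clearly defines the security requirements for low-voltage switchgear and controlgear and their assemblies. This document applies to the main functions of switchgear and controlgear and their assemblies, that is, equipment, in relation to operational technology (OT 3.1.34). In particular, it covers equipment with wired and wireless data communication means and their physical accessibility, within the limits of environmental conditions. The strength of this standard is that it sets out requirements for achieving appropriate physical and cybersecurity mitigation against security threats. First, it includes the attack levels, typical threats, impact assessment and relationship with safety needed to establish a security risk assessment. Second, it facilitates assessment of the exposure level of communication interfaces and determination of the equipment security level. Together with the above, this assigns appropriate security measures to the equipment and provides countermeasures for physical access and the environment derived from ISO/IEC 27001. It also presents countermeasures for physical access and the environment based on the criteria referred to in IEC 62443-4-2, and provides users with instructions for installation, operation and maintenance. The document includes security protection profiles by family of equipment, as well as requirements for conformance verification and testing of the security requirements. It also includes guidance on cybersecurity management, providing roles and responsibilities, typical architectures, use cases, development methodologies, recommendations provided to users, and reference points for integration into an assembly. This shows how the security requirements of equipment can be appropriately managed in an enterprise or industrial environment. This standard does not cover security requirements for information technology (IT), industrial automation and control systems (IACS), critical infrastructure or energy management systems, so separate standards for security management in those categories should be consulted. Overall, the SIST EN IEC 63208:2025 standard provides essential and practical guidelines for strengthening the security of low-voltage switchgear and controlgear, and reflects well the need for cybersecurity management in the operational technology field.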
The EN IEC 63208:2025 standard for low-voltage switchgear and controlgear and their assemblies offers a comprehensive framework for the security requirements that are of essential importance in the context of operational technology (OT 3.1.34). The scope of the standard extends to equipment with wired or wireless data communication means and their physical accessibility, taking specific environmental conditions into account. This ensures that appropriate physical and cybersecurity measures are implemented against potential threats. An outstanding feature of the standard is its clear focus on carrying out security risk assessments. These assessments are decisive for evaluating attack levels, typical threats and their impact, and for establishing the relationship with safety. The standard additionally provides specific requirements for determining the security levels of equipment and for assessing the degree of exposure of communication interfaces. The assignment of required security measures to the equipment is essential to prevent unintended operations that could cause hazardous situations, and to ensure the availability of protective functions such as overcurrent and earth-fault protection. Particularly noteworthy is the linking of the countermeasures to established standards such as ISO/IEC 27001 and IEC 62443-4-2, which strengthens the relevance and application of the standard in the field of cybersecurity. The standard also supports the creation of user instructions for installation, operation and maintenance, which gives end users important orientation. A further strength of the standard is the provision of guidelines on cybersecurity management. These include definitions of roles and responsibilities, typical architectures, as well as application scenarios and development methods.
This structured approach enables better integration into existing systems and promotes a more deliberate approach to cybersecurity. It is, however, important to note that the standard excludes specific areas, including requirements for information technology (IT), industrial automation and critical infrastructure. This makes clear the standard's sharp focus on low-voltage switchgear and controlgear, which underlines its specialisation and relevance in this particular sector. Overall, EN IEC 63208:2025 offers an extensive and well-founded basis for the security requirements of low-voltage switchgear and controlgear, taking into account both physical security and protection against cyber threats.
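The review of the standardization document "EN IEC 63208:2025" is as follows. This document specifies security requirements for low-voltage switchgear and controlgear and their assemblies, and applies to the main functions of equipment in the context of operational technology (OT 3.1.34). The standard considers the physical accessibility of equipment with wired or wireless data communication means and its applicability under environmental conditions. Its purpose is to achieve appropriate physical and cybersecurity mitigation of vulnerabilities to security threats. The document provides the following main requirements:
- Development of a cybersecurity risk assessment, including attack levels, typical threats, impact assessment and the relationship with safety.
- Assessment of the exposure level of communication interfaces and of the equipment security level.
- Assignment of the security measures required for the equipment.
- Countermeasures for physical access and the environment derived from ISO/IEC 27001.
- Countermeasures conforming to IEC 62443-4-2 and their criteria of applicability.
- User instructions for installation, operation and maintenance.
- Conformance verification and testing.
- Security protection profiles by family of equipment (Annex E to Annex I).
In particular, it focuses on vulnerabilities to threats that cause hazardous situations through unintended operation, unavailability of protective functions such as overcurrent and earth fault, and degradation of the main function. It also provides guidance on cybersecurity management, including roles and responsibilities (Table 4), typical architectures (Annex A), use cases (Annex B), development methods (Annex C), recommendations to users (Annex D), and bridging to cybersecurity management systems (Annex K). However, this document does not cover security requirements in the following areas:
- Information technology (IT).
- Industrial automation and control systems (IACS), engineering workstations and their software applications.
- Critical infrastructure and energy management systems.
- Network equipment (communication network switches or virtual private network terminals).
- Data confidentiality other than for critical security parameters.
- Design life-cycle management.
For these, refer to IEC 62443-4-1, ISO/IEC 27001 or other security life-cycle management standards. This standard plays an extremely important role in the security requirements of low-voltage switchgear and controlgear, and provides an essential foundation for future technological innovation.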