iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
CLC

EN IEC 62443-2-4:2019/A1:2019

(Amendment)

Security for industrial automation and control systems - Part 2-4: Security program requirements for IACS service providers

Security for industrial automation and control systems - Part 2-4: Security program requirements for IACS service providers

This part of IEC 62443 specifies a comprehensive set of requirements for security capabilities
for IACS service providers that they can offer to the asset owner during integration and
maintenance activities of an Automation Solution. Because not all requirements apply to all
industry groups and organizations, Subclause 4.1.4 provides for the development of Profiles
that allow for the subsetting of these requirements. Profiles are used to adapt this document
to specific environments, including environments not based on an IACS.
NOTE 1 The term “Automation Solution” is used as a proper noun (and therefore capitalized) in this part of
IEC 62443 to prevent confusion with other uses of this term.
Collectively, the security capabilities offered by an IACS service provider are referred to as its
Security Program. In a related specification, IEC 62443-2-1 describes requirements for the
Security Management System of the asset owner.
NOTE 2 In general, these security capabilities are policy, procedure, practice and personnel related.
Figure 2 illustrates how the integration and maintenance capabilities relate to the IACS and
the control system product that is integrated into the Automation Solution. Some of these
capabilities reference security measures defined in IEC 62443-3-3 that the service provider
must ensure are supported in the Automation Solution (either included in the control system
product or separately added to the Automation Solution).

IT-Sicherheit für industrielle Automatisierungssysteme - Teil 2-4: Anforderungen an das IT-Sicherheitsprogramm von Dienstleistern für industrielle Automatisierungssysteme

Sécurité des automatismes industriels et des systèmes de commande - Partie 2-4: Exigences de programme de sécurité pour les fournisseurs de service IACS

Zaščita industrijske avtomatizacije in nadzornih sistemov - 2-4. del: Zahteve za program zaščite za ponudnike storitev IACS - Dopolnilo A1 (IEC 62443-2-4:2015/A1:2017)

Ta del standarda IEC 62443 določa izčrpen sklop zahtev za zmogljivosti zaščite
za ponudnike storitev IACS, ki jih lahko ponudijo lastniku dobrine med integracijo in
vzdrževanjem Rešitve avtomatizacije. Ker vse zahteve ne veljajo za vse
industrijske skupine in organizacije, podtočka 4.1.4 zagotavlja razvoj profilov, ki
omogočajo podnabor teh zahtev. Profili se uporabljajo za prilagoditev tega dokumenta
posebnim okoljem, vključno z okolji, ki ne temeljijo na skupnosti IACS.
OPOMBA 1: Izraz »Rešitev avtomatizacije« se v tem delu standarda IEC 62443 uporablja kot lastno ime (in je zato zapisan z veliko začetnico), da ga ni mogoče zamenjati z drugimi uporabami tega izraza.
Skupaj se zmogljivosti zaščite, ki jih ponuja ponudnik storitev IACS, imenujejo njegov
program varnosti zaščite. V povezani specifikaciji standard IEC 62443-2-1 opisuje zahteve za
sistem vodenja zaščite lastnika dobrine.
OPOMBA 2: Na splošno so te zmogljivosti zaščite povezane s politiko, postopki, prakso in osebjem.
Na sliki 2 je prikazano, kako so zmogljivosti integracije in vzdrževanja povezane s skupnostjo IACS in
izdelkom nadzornega sistema, ki je integriran v Rešitev avtomatizacije. Nekatere od teh
zmogljivosti se navezujejo na ukrepe za zaščito iz standarda IEC 62443-3-3, za katere mora ponudnik storitev
zagotoviti, da jih Rešitev avtomatizacije podpira (so vključeni v izdelku nadzornega
sistema ali pa so v Rešitev avtomatizacije dodani posebej).

General Information

Status
Published
Publication Date
18-Apr-2019
Withdrawal Date
02-Apr-2022
ICS
25.040.40 - Industrial process measurement and control
35.110 - Networking
Technical Committee
CLC/TC 65X - Industrial-process measurement, control and automation
Drafting Committee
CLC/TC 65X - Industrial-process measurement, control and automation
Current Stage
6060 - Document made available - Publishing
Start Date
19-Apr-2019
Due Date
08-Nov-2020
Completion Date
19-Apr-2019
Ref Project
SIST EN IEC 62443-2-4:2019/A1:2019 - Security for industrial automation and control systems - Part 2-4: Security program requirements for IACS service providers (IEC 62443-2-4:2015/A1:2017)

Relations

Replaced By
EN IEC 62443-2-4:2024 - Security for industrial automation and control systems - Part 2-4: Security program requirements for IACS service providers
Effective Date
26-Jul-2022
Amends
EN IEC 62443-2-4:2019 - Security for industrial automation and control systems - Part 2-4: Security program requirements for IACS service providers
Effective Date
17-Apr-2018

Buy Standard

EN IEC 62443-2-4:2019/A1:2019EN IEC 62443-2-4:2019/A1:2019
PreviousNext
Amendment
EN IEC 62443-2-4:2019/A1:2019
English language
25 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)

SLOVENSKI STANDARD
SIST EN IEC 62443-2-4:2019/A1:2019
01-november-2019
Zaščita industrijske avtomatizacije in nadzornih sistemov - 2-4. del: Zahteve za
program zaščite za ponudnike storitev IACS - Dopolnilo A1 (IEC 62443-2-
4:2015/A1:2017)
Security for industrial automation and control systems - Part 2-4: Security program
requirements for IACS service providers (IEC 62443-2-4:2015/A1:2017)
IT-Sicherheit für industrielle Automatisierungssysteme - Teil 2-4: Anforderungen an das
IT-Sicherheitsprogramm von Dienstleistern für industrielle Automatisierungssysteme
(IEC 62443-2-4:2015/A1:2017)
Sécurité des automatismes industriels et des systèmes de commande - Partie 2-4:
Exigences de programme de sécurité pour les fournisseurs de service IACS
(IEC 62443-2-4:2015/A1:2017)
Ta slovenski standard je istoveten z: EN IEC 62443-2-4:2019/A1:2019
ICS:
25.040.01 Sistemi za avtomatizacijo v Industrial automation
industriji na splošno systems in general
35.030 Informacijska varnost IT Security
SIST EN IEC 62443-2-4:2019/A1:2019 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST EN IEC 62443-2-4:2019/A1:2019

---------------------- Page: 2 ----------------------
SIST EN IEC 62443-2-4:2019/A1:2019


EUROPEAN STANDARD EN IEC 62443-2-4:2019/A1

NORME EUROPÉENNE

EUROPÄISCHE NORM
April 2019
ICS 35.110; 25.040.40

English Version
Security for industrial automation and control systems - Part 2-4:
Security program requirements for IACS service providers
(IEC 62443-2-4:2015/A1:2017)
Sécurité des automatismes industriels et des systèmes de IT-Sicherheit für industrielle Automatisierungssysteme - Teil
commande - Partie 2-4: Exigences de programme de 2-4: Anforderungen an das IT-Sicherheitsprogramm von
sécurité pour les fournisseurs de service IACS Dienstleistern für industrielle Automatisierungssysteme
(IEC 62443-2-4:2015/A1:2017) (IEC 62443-2-4:2015/A1:2017)
This amendment A1 modifies the European Standard EN IEC 62443-2-4:2019; it was approved by CENELEC on 2019-04-03. CENELEC
members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this amendment the
status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This amendment exists in three official versions (English, French, German). A version in any other language made by translation under the
responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the same status as
the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden,
Switzerland, Turkey and the United Kingdom.


European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2019 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
 Ref. No. EN IEC 62443-2-4:2019/A1:2019 E

---------------------- Page: 3 ----------------------
SIST EN IEC 62443-2-4:2019/A1:2019
EN IEC 62443-2-4:2019/A1:2019 (E)
European foreword
This document (EN IEC 62443-2-4:2019/A1:2019) consists of the text of IEC 62443-2-4:2015/A1:2017
prepared by IEC/TC 65 "Industrial-process measurement, control and automation".
The following dates are fixed:
• latest date by which the document has to be implemented at national (dop) 2020-04-03
level by publication of an identical national standard or by endorsement
• latest date by which the national standards conflicting with the (dow) 2022-04-03
document have to be withdrawn

Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.

Endorsement notice
The text of the International Standard IEC 62443-2-4:2015/A1:2017 was approved by CENELEC as a
European Standard without any modification.


2

---------------------- Page: 4 ----------------------
SIST EN IEC 62443-2-4:2019/A1:2019
SLOVENSKI STANDARD
SIST EN IEC 62443-2-4:2019/A1:2019
01-november-2019
Zaščita industrijske avtomatizacije in nadzornih sistemov - 2-4. del: Zahteve za
program zaščite za ponudnike storitev IACS - Dopolnilo A1 (IEC 62443-2-
4:2015/A1:2017)
Security
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

CLC
EN IEC 62453-302:2023(Main)
Field device tool (FDT) interface specification - Part 302: Communication profile integration - IEC 61784 CPF 2
SIST EN IEC 62453-302:2024

Communication Profile Family 2 (commonly known as CIPTM1) defines communication profiles based on IEC 61158-2 Type 2, IEC 61158-3-2, IEC 61158-4-2, IEC 61158-5-2, IEC 61158-6-2, and IEC 62026-3. The basic profiles CP 2/1 (ControlNetTM2), CP 2/2 (EtherNet/IPTM3), and CP 2/3 (DeviceNetTM1) are defined in IEC 61784-1 and IEC 61784-2. An additional communication profile (CompoNetTM1), also based on CIPTM, is defined in [15]. This part of IEC 62453 provides information for integrating the CIPTM technology into the FDT interface specification (IEC 62453-2). This part of IEC 62453 specifies communication and other services. This specification neither contains the FDT specification nor modifies it.

  • Standard
    39 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CLC
EN IEC 61158-4-24:2023(Main)
Industrial communication networks - Fieldbus specifications - Part 4-24: Data-link layer protocol specification - Type 24 elements
SIST EN IEC 61158-4-24:2023

IEC 61158-4-24:2023 provides procedures for the timely transfer of data and control information from one data-link user entity to a peer user entity, and among the data-link entities forming the distributed datalink service provider; procedures for giving communications opportunities to all participating DL-entities (DLEs), sequentially and in a cyclic manner for deterministic and synchronized transfer at cyclic intervals up to 64 ms; procedures for giving communication opportunities available for time-critical data transmission together with non-time-critical data transmission without prejudice to the time-critical data transmission; procedures for giving cyclic and acyclic communication opportunities for time-critical data transmission with prioritized access; procedures for giving communication opportunities based on ISO/IEC/IEEE 8802‑3 medium access control, with provisions for nodes to be added or removed during normal operation; the structure of the fieldbus DLPDUs used for the transfer of data and control information by the protocol of this document, and their representation as physical interface data units.

  • Standard
    138 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CLC
EN IEC 61158-4-21:2023(Main)
Industrial communication networks - Fieldbus specifications - Part 4-21: Data-link layer protocol specification - Type 21 elements
SIST EN IEC 61158-4-21:2023

IEC 61158-4-21:2023 describes: procedures for the timely transfer of data and control information from one data link user entity to a peer user entity, and among the data link entities forming the distributed data link service provider; procedures for giving communication opportunities based on ISO/IEC/IEEE 8802‑3 MAC, with provisions for nodes to be added or removed during normal operation; structure of the fieldbus data link protocol data units (DLPDUs) used for the transfer of data and control information by the protocol of this document, and their representation as physical interface data units.

  • Standard
    112 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CLC
EN IEC 61158-5-2:2023(Main)
Industrial communication networks - Fieldbus specifications - Part 5-2: Application layer service definition - Type 2 elements
SIST EN IEC 61158-5-2:2023

IEC 61158-5-2:2023 provides common elements for basic time-critical and non-time-critical messaging communications between application programs in an automation environment and material specific to Type 2 fieldbus. The term "time-critical" is used to represent the presence of a time-window, within which one or more specified actions are required to be completed with some defined level of certainty. Failure to complete specified actions within the time window risks failure of the applications requesting the actions, with attendant risk to equipment, plant and possibly human life.

  • Standard
    244 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CLC
EN IEC 61158-5-10:2023(Main)
Industrial communication networks - Fieldbus specifications - Part 5-10: Application layer service definition - Type 10 elements
SIST EN IEC 61158-5-10:2023

IEC 61158-5-10:2023 provides common elements for basic time-critical and non-time-critical messaging communications between application programs in an automation environment and material specific to Type 10 fieldbus. The term "time-critical" is used to represent the presence of a time-window, within which one or more specified actions are required to be completed with some defined level of certainty. Failure to complete specified actions within the time window risks failure of the applications requesting the actions, with attendant risk to equipment, plant and possibly human life.

  • Standard
    767 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CLC
EN IEC 61158-5-4:2023(Main)
Industrial communication networks - Fieldbus specifications - Part 5-4: Application layer service definition - Type 4 elements
SIST EN IEC 61158-5-4:2023

IEC 61158-5-4:2023 provides common elements for basic time-critical and non-time-critical messaging communications between application programs in an automation environment and material specific to Type 4 fieldbus. The term "time-critical" is used to represent the presence of a time-window, within which one or more specified actions are required to be completed with some defined level of certainty. Failure to complete specified actions within the time window risks failure of the applications requesting the actions, with attendant risk to equipment, plant and possibly human life.

  • Standard
    74 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CLC
EN IEC 61158-6-4:2023(Main)
Industrial communication networks - Fieldbus specifications - Part 6-4: Application layer protocol specification - Type 4 elements
SIST EN IEC 61158-6-4:2023

IEC 61158-6-4:2023 provides common elements for basic time-critical and non-time-critical messaging communications between application programs in an automation environment and material specific to Type 4 fieldbus. The term “time-critical” is used to represent the presence of a time-window, within which one or more specified actions are required to be completed with some defined level of certainty. Failure to complete specified actions within the time window risks failure of the applications requesting the actions, with attendant risk to equipment, plant and possibly human life.

  • Standard
    44 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CLC
EN IEC 61158-6-23:2023(Main)
Industrial communication networks - Fieldbus specifications - Part 6-23: Application layer protocol specification - Type 23 elements
SIST EN IEC 61158-6-23:2023

IEC 61158-6-23:2023 provides common elements for basic time-critical and non-time-critical messaging communications between application programs in an automation environment and material specific to Type 23 fieldbus. The term "time-critical" is used to represent the presence of a time-window, within which one or more specified actions are required to be completed with some defined level of certainty. Failure to complete specified actions within the time window risks failure of the applications requesting the actions, with attendant risk to equipment, plant and possibly human life.

  • Standard
    312 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CLC
EN IEC 61158-6-24:2023(Main)
Industrial communication networks - Fieldbus specifications - Part 6-24: Application layer protocol specification - Type 24 elements
SIST EN IEC 61158-6-24:2023

IEC 61158-6-24:2023 provides common elements for basic time-critical and non-time-critical messaging communications between application programs in an automation environment and material specific to Type 24 fieldbus. The term "time-critical" is used to represent the presence of a time-window, within which one or more specified actions are required to be completed with some defined level of certainty. Failure to complete specified actions within the time window risks failure of the applications requesting the actions, with attendant risk to equipment, plant and possibly human life.

  • Standard
    148 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CLC
EN IEC 61158-6-26:2023(Main)
Industrial communication networks - Fieldbus specifications - Part 6-26: Application layer protocol specification - Type 26 elements
SIST EN IEC 61158-6-26:2023

1.1 General The Fieldbus Application Layer (FAL) provides user programs with a means to access the fieldbus communication environment. In this respect, the FAL can be viewed as a "window between corresponding application programs." This part of IEC 61158 provides common elements for basic time-critical and non-time-critical messaging communications between application programs in an automation environment and material specific to Type 2 fieldbus. The term "time-critical" is used to represent the presence of a time-window, within which one or more specified actions are required to be completed with some defined level of certainty. Failure to complete specified actions within the time window risks failure of the applications requesting the actions, with attendant risk to equipment, plant and possibly human life. This International Standard specifies interactions between remote applications and defines the externally visible behavior provided by the Type 2 fieldbus application layer in terms of a) the formal abstract syntax defining the application layer protocol data units conveyed between communicating application entities; b) the transfer syntax defining encoding rules that are applied to the application layer protocol data units; c) the application context state machine defining the application service behavior visible between communicating application entities; d) the application relationship state machines defining the communication behavior visible between communicating application entities. The purpose of this document is to define the protocol provided to a) define the wire-representation of the service primitives defined in IEC 61158-5-2, and b) define the externally visible behavior associated with their transfer. This document specifies the protocol of the Type 2 fieldbus application layer, in conformance with the OSI Basic Reference Model (ISO/IEC 7498-1) and the OSI application layer structure (ISO/IEC 9545). 1.2 Specifications The principal objective of this document is to specify the syntax and behavior of the application layer protocol that conveys the application layer services defined in IEC 61158-5-2. A secondary objective is to provide migration paths from previously-existing industrial communications protocols. 1.3 Conformance This document does not specify individual implementations or products, nor does it constrain the implementations of application layer entities within industrial automation systems. Conformance is achieved through implementation of this application layer protocol specification.

  • Standard
    210 pages
    English language
    sale 10% off
    e-Library read for
    1 day