WG 10 - TC 65/WG 10

IEC 62443-3-2:2020 establishes requirements for:
• defining a system under consideration (SUC) for an industrial automation and control system (IACS);
• partitioning the SUC into zones and conduits;
• assessing risk for each zone and conduit;
• establishing the target security level (SL-T) for each zone and conduit; and
• documenting the security requirements.

IEC 62443-4-2:2019 provides detailed technical control system component requirements (CRs) associated with the seven foundational requirements (FRs) described in IEC TS 62443-1-1 including defining the requirements for control system capability security levels and their components, SL-C(component).
As defined in IEC TS 62443-1-1 there are a total of seven foundational requirements (FRs):
a) identification and authentication control (IAC),
b) use control (UC),
c) system integrity (SI),
d) data confidentiality (DC),
e) restricted data flow (RDF),
f) timely response to events (TRE), and
g) resource availability (RA).
These seven FRs are the foundation for defining control system security capability levels. Defining security capability levels for the control system component is the goal and objective of this document as opposed to SL-T or achieved SLs (SL-A), which are out of scope.
The contents of the corrigendum of August 2022 have been included in this copy.

IEC 62443-4:2018 specifies the process requirements for the secure development of products used in industrial automation and control systems. This specification is part of a series of standards that addresses the issue of security for industrial automation and control systems (IACS). IEC 62443-4 defines secure development life-cycle (SDL) requirements related to cyber security for products intended for use in the industrial automation and control systems environment and provides guidance on how to meet the requirements described for each element. The life-cycle description includes security requirements definition, secure design, secure implementation (including coding guidelines), verification and validation, defect management, patch management and product end-of-life. These requirements can be applied to new or existing processes for developing, maintaining and retiring hardware, software or firmware.
Note that these requirements only apply to the developer and maintainer of the product, and are not applicable to the integrator or the user of the product. A summary list of the requirements is provided in Annex B.

Applies to all line-commutated high-voltage direct current (HVDC) converter stations used for power exchange in utility systems. Presumes the use of 12-pulse thyristor converters but can also be used for 6-pulse thyristor converters. Presents procedures for determining the total losses of an HVDC converter station. Cover all parts, except synchronous compensators or static var compensators and address no-load operation and operating losses together with their methods of calculation which use, wherever possible, measured parameters.[
]The contents of the corrigendum of October 1999 have been included in this copy.

IEC TR 62443-2-3:2015(E) describes requirements for asset owners and industrial automation and control system (IACS) product suppliers that have established and are now maintaining an IACS patch management program. This Technical Report recommends a defined format for the distribution of information about security patches from asset owners to IACS product suppliers, a definition of some of the activities associated with the development of the patch information by IACS product suppliers and deployment and installation of the patches by asset owners. The exchange format and activities are defined for use in security related patches; however, it may also be applicable for non-security related patches or updates.

IEC 62443-3-3:2013 provides detailed technical control system requirements (SRs) associated with the seven foundational requirements (FRs) described in IEC 62443-1-1 including defining the requirements for control system capability security levels, SL-C(control system). These requirements would be used by various members of the industrial automation and control system (IACS) community along with the defined zones and conduits for the system under consideration (SuC) while developing the appropriate control system target SL, SL-T(control system), for a specific asset. The contents of the corrigendum of April 2014 have been included in this copy.

IEC 62443-2-1:2010 defines the elements necessary to establish a cyber security management system (CSMS) for industrial automation and control systems (IACS) and provides guidance on how to develop those elements. This standard uses the broad definition and scope of what constitutes an IACS described in IEC/TS 62443-1-1. The elements of a CSMS described in this standard are mostly policy, procedure, practice and personnel related, describing what shall or should be included in the final CSMS for the organization. This bilingual version (2012-04) corresponds to the monolingual English version, published in 2010-11.

IEC/TS 62443-1-1:2009(E) is a technical specification which defines the terminology, concepts and models for Industrial Automation and Control Systems (IACS) security. It establishes the basis for the remaining standards in the IEC 62443 series.

IEC/TR 62443-3-1:2009(E) provides a current assessment of various cybersecurity tools, mitigation counter-measures, and technologies that may effectively apply to the modern electronically based IACSs regulating and monitoring numerous industries and critical infrastructures. It describes several categories of control system-centric cybersecurity technologies, the types of products available in those categories, the pros and cons of using those products in the automated IACS environments, relative to the expected threats and known cyber vulnerabilities, and, most important, the preliminary recommendations and guidance for using these cybersecurity technology products and/or countermeasures.