Control system security: Difference between revisions

Control system security certification: made the section more general
Line 43:
# The fourth category includes work products that describe the specific product development and technical requirements of control system products. This is primarily intended for control product vendors, but can be used by integrator and asset owners for to assist in the procurement of secure products.
 
== Control system security certificationcertifications ==
Certifications for control system security have been established by several global Certification Bodies. Most of the schemes are based on the [[IEC 62443]] and describe test methods, surveillance audit policy, public documentation policies, and other specific aspects of their program.
 
=== IEC 62443 Certificationcertifications Programs===
=== The ISA Security Compliance Institute (ISCI) IEC 62443 Conformity Assessment Program ===
Cybersecurity certification programs for IEC 62443 standards are being offered globally by several recognized CBs including exida, CertX, SGS-TÜV Saar, TÜV Nord, TÜV Rheinland, TÜV SÜD and UL. Global Accreditation and Recognition A global infrastructure has been established to ensure consistent evaluation per these standards. Impartial third-party organizations called Certification Bodies (CB) are accredited to operate ISO/IEC 17065 and ISO/IEC 17025. Certification Bodies are accredited to perform the auditing, assessment, and testing work by an Accreditation Body (AB). There is often one national AB in each country. These ABs operate per the requirements of ISO/IEC 17011, a standard that contains requirements for the competence, consistency, and impartiality of accreditation bodies when accrediting conformity assessment bodies. ABs are members of the International Accreditation Forum (IAF) for work in management systems, products, services, and personnel accreditation or the International Laboratory Accreditation Cooperation (ILAC) for laboratory accreditation. A Multilateral Recognition Arrangement (MLA) between ABs will ensure global recognition of accredited CBs.
ISCI created the first conformity assessment scheme (commonly known as a certification scheme) for the ISA S99 IACS cybersecurity standards. This program certifies Commercial Off-the-shelf (COTS) IACS products and systems, addressing securing the IACS supply chain.
exida from the United States was the first organization accredited for the ISCI scheme by the American National Standards Institute (ANSI) followed by the Control Systems Security Center – Certification Laboratory (CSSC-CL) accredited by the Japan Accreditation Board (JAB) and TÜV Rheinland accredited by Deutsche Akkreditierungsstelle (DAkkS). All of these AB organizations are members of the IAF.
 
==== ISASecure IEC 62443CB CertificationScheme Offerings====
The IEC CB Scheme is a multilateral agreement that facilitates market access for manufacturers of electrical and electronic products.
Two COTS product certifications are available under the ISASecure® brand: ISASecure-CSA (Component Security Assurance) certifying automation products to the 62443-4-1 / 62443-4-2 IACS cybersecurity standards and ISASecure-SSA (System Security Assurance), certifying IACS systems to the IEC 62443-3-3 standard.
 
The origin of the CB Scheme comes from the CEE (former European "Commission for Conformity Testing of Electrical Equipment") and was integrated into the IEC in 1985. Currently, 54 Member Bodies are in the IECEE, 88 NCBs (National Certification Bodies), and 534 CB Test Laboratories (CBTL). In the field of product certification, this procedure is used to reduce the complexity in the approval procedure for manufacturers of products tested and certified according to harmonized standards.
A third certification, SDLA (Secure Development Lifecycle Assurance) is available from ISCI which certifies IACS development organizations to the 62443-4-1 cybersecurity standard, providing assurances that a supplier organization has institutionalized cybersecurity into their product development practices.
 
A product that has been tested by a CBTL (certified testing laboratory) according to a harmonized standard such as the IEC 62443, can use the CB report as a basis for a later national certification and approval such as GS, PSE, CCC, NOM, GOST/R, BSMI.
====ISO 17065 and Global Accreditation====
The ISASecure 62443 conformity assessment scheme is an ISO 17065 program whose labs (certification bodies or CB) are independently accredited by ANSI/ANAB, JAB and other global ISO 17011 accreditation bodies (AB). The certification labs must also meet ISO 17025 lab accreditation requirements to ensure consistent application of certification requirements and recognized tools.
 
=== The ISA Security Compliance Institute (ISCI) IEC 62443 Conformity Assessment ProgramISASecure ===
Through Mutual Recognition Arrangements (MRA) with IAF, ILAC and others, the accreditation of the ISASecure labs by the ISA 17011 accreditation bodies ensures that certificates issued by any of the ISASecure labs are globally recognized.
The International Security Compliance Institute (ISCI) created the first conformity assessment scheme (commonly known as a certification scheme) for the ANSI/ISA 62443 standards. This program certifies Commercial Off-the-shelf (COTS) automation, control systems, and IOT devices, addressing securing the control systems supply chain. ISCI development processes include maintenance policies to ensure that the ISASecure certifications remain in alignment with the IEC 62443 standards as they evolve. While the ANSI/ISA 62443 standards are designed to horizontally address technical cybersecurity requirements of a cross-section of industries, the ISASecure working groups have included subject matter experts from traditional process industries and building management system suppliers and asset owners.
 
Two COTS product certifications are available under the ISASecure® brand: ISASecure-CSA (Component Security Assurance) certifying automation products to the IEC 62443-4-1 / IEC 62443-4-2 IACS cybersecurity standards and ISASecure-SSA (System Security Assurance), certifying IACS systems to the IEC 62443-3-3 standard. A third certification, SDLA (Secure Development Lifecycle Assurance) is available from ISCI which certifies automation systems development organizations to the IEC 62443-4-1 cybersecurity standard.
 
The ISASecure 62443 conformity assessment scheme is an ISO 17065 program whose labs (certification bodies or CB) are independently accredited by ANSI/ANAB, JAB and other global ISO 17011 accreditation bodies (AB). The certification labs must also meet ISO 17025 lab accreditation requirements to ensure consistent application of certification requirements and recognized tools. Through Mutual Recognition Arrangements (MRA) with IAF, ILAC and others, the accreditation of the ISASecure labs by the ISA 17011 accreditation bodies ensures that certificates issued by any of the ISASecure labs are globally recognized.
 
====Test Tool Recognition====
The ISASecure scheme includes a process for recognizing test tools to ensure the tools meet functional requirements necessary and sufficient to execute all required product tests and that test results will be consistent among the recognized tools.
 
====Traditional Process industries including Chemicals, Oil and Gas====
ISCI development processes include maintenance policies to ensure that the ISASecure certifications remain in alignment with the IEC 62443 standards as they evolve. While the IEC 62443 standards are designed to horizontally address technical cybersecurity requirements of a cross-section of industries, the ISASecure scheme’s certification requirements working groups include subject matter experts from the chemical and oil and gas industries and are reflective of their cybersecurity needs.
 
ISCI published a 2017 study which confirmed applicability of the IEC 62443 standards and ISASecure certification to Building Management Systems. The resulting study, executive summary, and PPT are available for free download from the www(BMS).isasecure.org website. ISCI has added leading BMS suppliers to its membership and established a BMS working group to support ongoing expansion of ISASecure certifications for BMS.
=== Building Management Systems ===
ISCI published a 2017 study which confirmed applicability of the IEC 62443 standards and ISASecure certification to Building Management Systems. The resulting study, executive summary, and PPT are available for free download from the www.isasecure.org website. ISCI has added leading BMS suppliers to its membership and established a BMS working group to support ongoing expansion of ISASecure certifications for BMS.
 
=== IEC 62443 Certification Programs===
IEC 62443 certification schemes have also been established by several global Certification Bodies. Each has defined their own scheme based upon the referenced standards and procedures. Programs are being offered globally by several recognized CBs including exida, TÜV Rheinland, TÜV Sud, TÜV Nord, and SGS-TÜV Saar.
 
==References==
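Review bot: In the ISASecure paragraph, the closing sentence reads "the accreditation of the ISASecure labs by the ISA 17011 accreditation bodies", while the sentence before it in the same paragraph names the standard as "ISO 17011"; it should read "ISO 17011 accreditation bodies". In the IEC 62443 certifications paragraph, "Global Accreditation and Recognition" sits mid-paragraph with no punctuation and reads like a subheading that lost its markup, so either restore it as a heading or fold it into the sentence. That paragraph also says CBs "are accredited to operate ISO/IEC 17065 and ISO/IEC 17025", which would be clearer as accredited to those standards, and it spells "TÜV SÜD" where the later list of CBs has "TÜV Sud". The IECEE figures in the CB Scheme text (54 Member Bodies, 88 NCBs, 534 CB Test Laboratories) are introduced with "Currently" and carry no visible source or date; a citation and an as-of date would keep them verifiable.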