Digital Bond

For Secure & Robust ICS

Five Draft ISA99 / IEC-62443 Standards

April 29, 2013 by Dale Peterson 1 Comment

The ISA99 committee has always been the most prolific of the ICS security standards and guidelines writing bodies, although NERC CIP may put up an argument. The coordination of the ISA99 and IEC-62443 efforts has only increased the pace as the international participation and contribution added resources to the Working Groups.

In recent Working Group 5 minutes, the ISA99 leadership team announced that five draft documents are ready for broader review and comment. ISA99 plans to release the drafts in the following order, approximately two weeks apart.

  1. ISA-62443-3-2: Security Risk Assessment and System Design (Security Assurance Levels for Zones and Conduits)
  2. ISA-62443-4-1: Product Development Requirements
  3. ISA-TR62443-2-3: Patch Management in the IACS Environment
  4. ISA-62443-1-3: System Security Compliance Metrics
  5. ISA-TR62443-1-2: Master Glossary of Terms and Abbreviations

ISA-62443-3-2 is out now and is likely one of the most important documents that ISA99 has produced. I say likely because I haven’t read it in a while and the proposed title change is interesting. Does it represent a major shift in the purpose of the document, or does it just reflect that the document was covering more than zones and conduits? Setting up security zones with security perimeters and then regulating communication between these security zones (conduits) is typically the first task in an ICS security program. I’ll read the latest draft and have an article up on it on Thursday.

I’m also looking forward to the drafts on Product Development Requirements and System Security Compliance Metrics. You can see the audacious list of ISA99 work product.

Filed Under: ISA 99 Tagged With: IEC-62443, ISA99

Comments

  1. Eric Cosman - ISA99 co-chair says

    April 29, 2013 at 14:22

    Dale;

    Thanks for the “plug.” As you said, our plans are audacious but after all, we have been at this for a long time and it is important that we share more of our work even as it is in development. We continue to get people coming forward offering to help, and perhaps the biggest challenge is coordinating all of this activity. Not a bad problem to have I suppose.
