Study: IIoT Component Certification Based on the 62443 Standard

The ISA Global Security Alliance (ISAGCA) and the ISA Security Compliance Institute (ISCI) recently released a co-sponsored Industrial Internet of Things (IIoT) certification study entitled, “IIoT Component Certification Based on the 62443 Standard.”

The study addresses the urgent need for industry-vetted IIoT certification programs, with the goal of determining the applicability of the ISA/IEC 62443 series of standards and certifications to IIoT components and systems. This included examining whether existing 62443 requirements and methods for validating these requirements under existing certification programs are necessary and sufficient for the IIoT environment.

The first phase of the study addresses IIoT devices and IIoT gateways. Later phases of the project will consider overall IIoT systems and other types of IIoT components.

This study is available at no cost. Request your copy by submitting the form to the right, and we'll email you a link to download the file.

Untitled-Project (3)

Learn

The goal for the overall study is to determine the applicability of IEC 62443 standards and certifications to IIoT components and systems.

If you'd like to learn more, register for the 10/27 webinar, "ISA/IEC 62443 IIoT Certifications Study Review" here.

Untitled-Project (2)

Discover

The study results were based upon an analysis of six industry/government sources on the topic of IoT/IIoT security, and the expertise of the ISAGCA/ISCI project team.
Untitled-Project

Stay Tuned

Phase 1 of the study addresses IIoT devices and IIoT gateways. Later phases of this project will consider overall IIoT systems and other types of IIoT components.

DOWNLOAD THE EXECUTIVE SUMMARY HERE
DOWNLOAD
ISCI and ISAGCA Joint IIoT Study - Full Study-5_Page_01

IIOT COMPONENT CERTIFICATION BASED ON THE 62443 STANDARD

Certification enhancements described in this document add a small number of functional requirements to those in 62443-4-2, add process requirements to 62443-4-1, and identify IIoT-specific guidance for certifier validation of existing functional requirements and process requirements. Certifier validation enhancements include strengthening the validation that a product maintains its security posture over time in accordance with 62443-4-1. Future project phases are expected to examine other parts of 62443.

An industry-vetted set of IIoT security requirements helps asset owners gain the confidence that they can move forward to obtain the benefits of IIoT architectures, instead of pedaling backwards while they attempt to make the case that they have adequately mitigated accompanying cybersecurity risks.
Carol Muehrcke, contributing author