Podrobnosti návrhu

Číslo:65/756/CDV - IEC 62443-2-1 ED2
Zdroj:ISO\IEC\CEN\CENELEC
Komise:IEC/TC 65
Název komise:Industrial-process measurement and control
Návrh uveřejněn:19.08.2019
K připomínkám do:15.10.2019
Oblast zaměření:Řízení procesů
Contact email:cermak(at)agentura-cas.cz
Anotace:

IEC 62443‑2‑1 specifies asset owner security program (SP) requirements for an industrial automation and control system (IACS). This document uses the broad definition and scope of what constitutes an IACS as described in IEC 62443‑1‑1. In the context of this document, asset owner also includes the operator of the IACS.

This document recognizes that the lifespan of an IACS can exceed twenty years, and that many legacy systems contain hardware and software that are no longer supported. Therefore, the SP for a legacy system may address only a subset of the requirements defined in this document. For example, if its software is no longer supported, security patching requirements cannot be met. Similarly, backup software for older systems may not be available for all components of the IACS. As a result, this document recognizes that not all requirements can be met by legacy systems. In situations where specific requirements or subsets of requirements are applicable but unable to be implemented in legacy systems, then compensating countermeasures should be implemented where possible.

This document also recognizes that not all requirements specified in this document apply to all IACSs. For example, requirements associated with wireless technology or safety systems will not apply to IACSs that do not include wireless technology or safety systems technology. Similarly, malware protection requirements may not all apply to systems for which anti-malware software is not available for any of their devices. Therefore, the asset owner should identify the IACS security requirements that are applicable to its IACSs in their specific operating environments.

The elements of an IACS SP described in this document define required security capabilities that apply to the secure operation of an IACS. Although the asset owner is ultimately accountable for the secure operation of an IACS, implementation of these security capabilities often includes support from its service providers and product suppliers. For this reason, this document provides guidance for an asset owner when stating security requirements for their service providers and product suppliers, referencing other parts of the IEC 62443 series.

Figure 2 illustrates the security capabilities of the asset owner, service provider(s) and product supplier(s) of an IACS and their relationships to each other and to the Automation Solution. The Automation Solution is a technical solution implementing the functional capabilities necessary for the IACS. It is composed of hardware and software components that have been installed and configured to operate in the IACS. The IACS is a combination of the Automation Solution and the organizational measures necessary for its design, deployment, operation and maintenance.

Some of these capabilities rely on the appropriate application of integration maintenance capabilities defined in IEC 62443‑2‑4 [6] and technical security capabilities defined in IEC 62443‑3‑3 [10] and IEC 62443‑4‑2 [12].

Tento dokument můžete připomínkovat po jednotlivých částech  - stačí u příslušné části dokumentu vyplnit formulář v souladu s pokyny a kliknout na ‚Odeslat připomínku‘.

Prosíme, nepoužívejte vulgární výrazy a nevyužívejte tento prostor pro umisťování reklamy.