IEC TR 62443-3-1:2009
Current
The latest, up-to-date edition.
Industrial communication networks - Network and system security - Part 3-1: Security technologies for industrial automation and control systems
Hardcopy , PDF 1 User , PDF 3 Users , PDF 5 Users , PDF 9 Users
English
30-07-2009
Important note : All end users must be registered with an Account prior to user licenses being assigned.
FOREWORD
INTRODUCTION
1 Scope
2 Normative references
3 Terms, definitions and acronyms
3.1 Terms and definitions
3.2 Acronyms
4 Overview
5 Authentication and authorization technologies
5.1 General
5.2 Role-based authorization tools
5.3 Password authentication
5.4 Challenge/response authentication
5.5 Physical/token authentication
5.6 Smart card authentication
5.7 Biometric authentication
5.8 Location-based authentication
5.9 Password distribution and management technologies
5.10 Device-to-device authentication
6 Filtering/blocking/access control technologies
6.1 General
6.2 Network firewalls
6.3 Host-based firewalls
6.4 Virtual Networks
7 Encryption technologies and data validation
7.1 General
7.2 Symmetric (secret) key encryption
7.3 Public key encryption and key distribution
7.4 Virtual private networks (VPNs)
8 Management, audit, measurement, monitoring, and
detection tools
8.1 General
8.2 Log auditing utilities
8.3 Virus and malicious code detection systems
8.4 Intrusion detection systems (IDS)
8.5 Vulnerability scanners
8.6 Forensics and analysis tools (FAT)
8.7 Host configuration management tools (HCM)
8.8 Automated software management tools (ASM)
9 Industrial automation and control systems computer
software
9.1 General
9.2 Server and workstation operating systems
9.3 Real-time and embedded operating systems
9.4 Web technologies
10 Physical security controls
10.1 General
10.2 Physical protection
10.3 Personnel security
Annex A (informative) Trade name declarations
Bibliography
IEC/TR 62443-3-1:2009(E) provides a current assessment of various cybersecurity tools, mitigation counter-measures, and technologies that may effectively apply to the modern electronically based IACSs regulating and monitoring numerous industries and critical infrastructures. It describes several categories of control system-centric cybersecurity technologies, the types of products available in those categories, the pros and cons of using those products in the automated IACS environments, relative to the expected threats and known cyber vulnerabilities, and, most important, the preliminary recommendations and guidance for using these cybersecurity technology products and/or countermeasures.
| Committee |
TC 65
|
| DevelopmentNote |
Stability Date: 2018. (10/2012)
|
| DocumentType |
Technical Report
|
| Pages |
102
|
| PublisherName |
International Electrotechnical Committee
|
| Status |
Current
|
| Standards | Relationship |
| CAN/CSA-IEC/TR 62443-3-1:17 | Identical |
| DS/IEC TR 62443-3-1:2009 | Identical |
| PD IEC/TR 62443-3-1:2009 | Identical |
| CAN/CSA-IEC 62443-2-1:17 | Industrial communication networks — Network and system security — Part 2-1: Establishing an industrial automation and control system security program (Adopted IEC 62443-2-1:2010, first edition, 2010-11) | Réseaux industriels de communication — Sécurité dans les réseaux et les systèmes — Partie 2-1 : Établissement d’un programme de sécurité pour les systèmes d’automatisation et de commande industrielles (norme IEC 62443-2-1:2010 adoptée, première édition, 2010-11) |
| AAMI TIR57 : 2016 | PRINCIPLES FOR MEDICAL DEVICE SECURITY - RISK MANAGEMENT |
| EN IEC 62443-4-1:2018 | Security for industrial automation and control systems - Part 4-1: Secure product development lifecycle requirements |
| API RP 554-2:2023 | Process Control Systems— Process Control System Design |
| PD IEC/TR 61850-90-12:2015 | Communication networks and systems for power utility automation Wide area network engineering guidelines |
| IEC 62443-2-1:2010 | Industrial communication networks - Network and system security - Part 2-1: Establishing an industrial automation and control system security program |
| PD IEC/TS 62872:2015 | Industrial-process measurement, control and automation system interface between industrial facilities and the smart grid |
| BS IEC 62443-2-1 : 2010 | INDUSTRIAL COMMUNICATION NETWORKS - NETWORK AND SYSTEM SECURITY - PART 2-1: ESTABLISHING AN INDUSTRIAL AUTOMATION AND CONTROL SYSTEM SECURITY PROGRAM |
| 18/30267404 DC : 0 | BS EN 62443-3-2 - SECURITY FOR INDUSTRIAL AUTOMATION AND CONTROL SYSTEMS - PART 3-2: SECURITY RISK ASSESSMENT AND SYSTEM DESIGN |
| CAN/CSA-IEC 62443-3-3:17 | Industrial communication networks — Network and system security — Part 3-3: System security requirements and security levels (Adopted IEC 62443-3-3:2013, first edition, 2013-08) |
| I.S. EN IEC 62443-4-1:2018 | SECURITY FOR INDUSTRIAL AUTOMATION AND CONTROL SYSTEMS - PART 4-1: SECURE PRODUCT DEVELOPMENT LIFECYCLE REQUIREMENTS |
| BS IEC 62443-3-3:2013 | Industrial communication networks. Network and system security System security requirements and security levels |
| IEC TS 62872:2015 | Industrial-process measurement, control and automation system interface between industrial facilities and the smart grid |
| FIPS PUB 140 : 0001 | SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES |
| IEEE 802.1Q-2014 | IEEE Standard for Local and metropolitan area networks--Bridges and Bridged Networks |
| ISO/IEC 17799:2005 | Information technology Security techniques Code of practice for information security management |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.