EN IEC 62443-4-1:2018
Current
The latest, up-to-date edition.
Security for industrial automation and control systems - Part 4-1: Secure product development lifecycle requirements
03-23-2018
FOREWORD
INTRODUCTION
1 Scope
2 Normative references
3 Terms, definitions, abbreviated terms, acronyms
and conventions
4 General principles
5 Practice 1 - Security management
6 Practice 2 - Specification of security requirements
7 Practice 3 - Secure by design
8 Practice 4 - Secure implementation
10 Practice 6 - Management of security-related issues
11 Practice 7 - Security update management
12 Practice 8 - Security guidelines
Annex A (informative) - Possible metrics
Annex B (informative) - Table of requirements
Bibliography
Annex ZA (normative) - Normative references to
international publications with their
corresponding European publications
IEC 62443-4:2018(E) specifies the process requirements for the secure development of products used in industrial automation and control systems. This specification is part of a series of standards that addresses the issue of security for industrial automation and control systems (IACS). IEC 62443-4 defines secure development life-cycle (SDL) requirements related to cyber security for products intended for use in the industrial automation and control systems environment and provides guidance on how to meet the requirements described for each element. The life-cycle description includes security requirements definition, secure design, secure implementation (including coding guidelines), verification and validation, defect management, patch management and product end-of-life. These requirements can be applied to new or existing processes for developing, maintaining and retiring hardware, software or firmware.Note that these requirements only apply to the developer and maintainer of the product, and are not applicable to the integrator or the user of the product. A summary list of the requirements is provided in Annex B.
Committee |
CLC/TC 65X
|
DocumentType |
Standard
|
PublisherName |
European Committee for Standards - Electrical
|
Status |
Current
|
Standards | Relationship |
NEN EN IEC 62443-4-1 : 2018 | Identical |
CEI EN IEC 62443-4-1:2018 | Identical |
SN EN IEC 62443-4-1 : 2018 | Identical |
SS-EN IEC 62443-4-1 : 2018 | Identical |
I.S. EN IEC 62443-4-1:2018 | Identical |
OVE EN IEC 62443-4-1:2018 11 01 | Identical |
PN-EN IEC 62443-4-1:2018-06 | Identical |
VDE 0802-4-1 : 2018-10 | Identical |
DIN EN IEC 62443-4-1 : 2018-10 | Identical |
NF EN IEC 62443-4-1:2018 | Identical |
UNE-EN IEC 62443-4-1:2019 | Identical |
IEC 62443-4-1:2018 | Identical |
UNE-EN IEC 62443-4-1:2018 | Identical |
BS EN IEC 62443-4-1:2018 | Identical |
ISO/IEC 15408-2:2008 | Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components |
ISO/IEC 27001:2013 | Information technology — Security techniques — Information security management systems — Requirements |
ISO/IEC 29147:2014 | Information technology Security techniques Vulnerability disclosure |
IEC TS 62443-1-1:2009 | Industrial communication networks - Network and system security - Part 1-1: Terminology, concepts and models |
IEC 62740:2015 | Root cause analysis (RCA) |
IEC TR 62443-3-1:2009 | Industrial communication networks - Network and system security - Part 3-1: Security technologies for industrial automation and control systems |
ISO/IEC 15408-3:2008 | Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components |
IEC 62443-2-1:2010 | Industrial communication networks - Network and system security - Part 2-1: Establishing an industrial automation and control system security program |
ISO/IEC 27002:2013 | Information technology Security techniques Code of practice for information security controls |
ISO/IEC 27036-3:2013 | Information technology — Security techniques — Information security for supplier relationships — Part 3: Guidelines for information and communication technology supply chain security |
ISO 9001:2015 | Quality management systems — Requirements |
ISO/IEC 15408-1:2009 | Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model |
ISO/IEC 10746-2:2009 | Information technology Open distributed processing Reference model: Foundations Part 2: |
ISO/IEC 30111:2013 | Information technology Security techniques Vulnerability handling processes |
ISO/IEC 10746-1:1998 | Information technology — Open Distributed Processing — Reference model: Overview — Part 1: |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.