IEC 62443-4:2018(E) specifies the process requirements for the secure development of products used in industrial automation and control systems. IEC 62443-4 defines secure development life-cycle (SDL) requirements related to cyber security for products intended for use in the industrial automation and control systems environment and provides guidance on how to meet the requirements described for each element. The life-cycle description includes security requirements definition, secure design, secure implementation (including coding guidelines), verification and validation, defect management, patch management and product end-of-life. These requirements can be applied to new or existing processes for developing, maintaining and retiring hardware, software or firmware.
Introduces the foundational security concepts and terminology for Internet of Things (IoT) systems and demonstrates their applications. Also introduces a holistic approach for identifying and mitigating the threats and vulnerabilities of IoT systems. Provides guidance on how to conduct threat modelling for IoT.
IEC 62443-2-4:2015 specifies requirements for security capabilities for IACS service providers that they can offer to the asset owner during integration and maintenance activities of an Automation Solution.
IEC 62443-3-3:2013(E) provides detailed technical control system requirements (SRs) associated with the seven foundational requirements (FRs) described in IEC 62443-1-1 including defining the requirements for control system capability security levels, SL-C(control system).