Cookies
We need your consent to use the individual data so that you can see information about your interests, among other things. Click "OK" to give your consent.
IEC 62443-2-1-ed.2.0
Security for industrial automation and control systems - Part 2-1: Security program requirements for IACS asset owners
Translate name
STANDARD published on 7.8.2024
The information about the standard:
Designation standards: IEC 62443-2-1-ed.2.0
Publication date standards: 7.8.2024
SKU: NS-1194490
The number of pages: 189
Approximate weight : 598 g (1.32 lbs)
Country: International technical standard
Category: Technical standards IEC
The category - similar standards:
Industrial process measurement and controlMultilayer applications
Annotation of standard text IEC 62443-2-1-ed.2.0 :
IEC 62443-2-1:2024 specifies asset owner security program (SP) policy and procedure requirements for an industrial automation and control system (IACS) in operation. This document uses the broad definition and scope of what constitutes an IACS as described in IEC TS 62443-1-1. In the context of this document, asset owner also includes the operator of the IACS. This document recognizes that the lifespan of an IACS can exceed twenty years, and that many legacy systems contain hardware and software that are no longer supported. Therefore, the SP for most legacy systems addresses only a subset of the requirements defined in this document. For example, if IACS or component software is no longer supported, security patching requirements cannot be met. Similarly, backup software for many older systems is not available for all components of the IACS. This document does not specify that an IACS has these technical requirements. This document states that the asset owner needs to have policies and procedures around these types of requirements. In the case where an asset owner has legacy systems that do not have the native technical capabilities, compensating security measures can be part of the policies and procedures specified in this document. This edition includes the following significant technical changes with respect to the previous edition: a) revised requirement structure into SP elements (SPEs), b) revised requirements to eliminate duplication of an information security management system (ISMS), and c) defined a maturity model for evaluating requirements. IEC 62443-2-1:2024 specifie les exigences de politiques et de procedures du programme de securite (SP) du proprietaire d’actif pour un systeme d’automatisation et de commande industrielle (IACS) operationnel. Le present document utilise, au sens large, la definition et le domaine d’application de ce qui constitue un IACS decrit dans l’IEC TS 62443-1-1. Dans le contexte du present document, le proprietaire d’actif inclut egalement l’operateur de l’IACS. Le present document reconnait que la duree de vie d’un IACS peut depasser vingt ans et que de nombreux systemes patrimoniaux contiennent du materiel et du logiciel qui ne sont plus pris en charge. Par consequent, le SP de la plupart des systemes patrimoniaux ne concerne qu’un sous-ensemble des exigences definies dans le present document. Les exigences en matiere de correctifs de securite, par exemple, ne peuvent pas etre satisfaites si l’IACS ou le logiciel composant n’est plus pris en charge. De meme, le logiciel de sauvegarde de la plupart des systemes plus anciens n’est pas disponible pour tous les composants de l’IACS. Le present document ne precise pas quun IACS doit satisfaire a ces exigences techniques. Il indique qu’il est necessaire que le proprietaire d’actif dispose de politiques et de procedures relatives a ces types dexigences. Dans le cas ou le proprietaire dactif possede des systemes patrimoniaux qui ne comportent pas des capacites techniques natives, des mesures de securite compensatoires peuvent faire partie des politiques et procedures specifiees dans le present document. Cette edition inclut les modifications techniques majeures suivantes par rapport a ledition precedente: a) la structure des exigences a ete revisee en elements SP (SPE – SP element); b) les exigences ont ete revisees pour eliminer la repetition dun systeme de management de la securite de linformation (SMSI); et c) un modele de stabilisation a ete defini pour levaluation des exigences.
We recommend:
Technical standards updating
Do you want to make sure you use only the valid technical standards?
We can offer you a solution which will provide you a monthly overview concerning the updating of standards which you use.
Would you like to know more? Look at this page.
