IEC 62443-4 pdf download

Security for industrial automation and control systems
1 Scope
This part of IEC 62443 specifies process requirements for the secure development of products used in industrial automation and control systems. It defines a secure development life-cycle (SDL) for the purpose of developing and maintaining secure products. This life-cycle includes security requirements definition, secure design, secure implementation (including coding guidelines), verification and validation, defect management, patch management and product end-of-life. These requirements can be applied to new or existing processes for developing, maintaining and retiring hardware, software or firmware for new or existing products. These requirements apply to the developer and maintainer of the product, but not to the integrator or user of the product. A summary list of the requirements in this document can be found in Annex B.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
IEC 62443-2-4:2015, Security for industrial automation and control systems – Part 2-4: Security program requirements for IACS service providers
IEC 62443-2-4:2015/AMD1:2017
3 Terms, definitions, abbreviated terms, acronyms and conventions
3.1 Terms and definitions
For the purposes of this document, the terms and definitions given in IEC TR 62443-1-2 and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp

3.1.1 abuse case
test case used to perform negative operations of a use case
Note 1 to entry: Abuse case tests are simulated attacks often based on the threat model. An abuse case is a type of complete interaction between a system

3.1.2 access control <protection>
protection of system resources against unauthorized access

3.1.3 access control <process>
process by which use of system resources is regulated according to a security policy and is permitted by only authorized users according to that policy
Note 1 to entry: Access control includes identification and authentication requirements specified in other parts of the IEC 62443 series.

3.1.4 administrator
user who has been authorized to manage security policies/capabilities for a product or system

3.1.5 asset
physical or logical object owned by or under the custodial duties of an organization, having either a perceived or actual value to the organization
Note 1 to entry: In this specific case, an asset is an object that is part of an IACS.

3.1.6 asset owner
individual or organization responsible for one or more IACSs

3.1.7 attack surface
physical and functional interfaces of a system that can be accessed and, therefore, potentially exploited by an attacker

3.1.8 audit log
event log that requires a higher level of integrity protection than provided by typical event logs
Note 1 to entry: Audit logs are used to protect against claims that repudiate responsibility for an action.

3.1.9 authentication
provision of assurance that a claimed characteristic of an identity is correct
Note 1 to entry: Not all credentials used to authenticate an identity are created equally. The trustworthiness of the credential is determined by the configured authentication mechanism. Hardware or software-based mechanisms can force users to prove their identity before accessing data on a device. A typical example is proving the identity of a user, usually through an identity provider.
Note 2 to entry: Authentication includes verifying human users as well as non-human users such as devices or processes.

3.1.10 automation solution
control system and any complementary hardware and software components that have been installed and configured to operate in an IACS

3.1.11 banned function
software method that is no longer recommended to be used in software because more secure versions exist with less propensity for misuse
Note 1 to entry: Banned functions are sometimes called banned methods or banned Application Programming Interfaces (APIs).

3.1.12 best practices
guidelines for securely designing, developing, testing, maintaining or retiring products that the supplier has determined are commonly recommended by both the security and industrial automation communities
EXAMPLE Least privilege, economy of mechanism and least common mechanism.

3.1.13 component
one of the parts that make up a product or system
Note 1 to entry: A component may be hardware or software and may be subdivided into other components.

3.1.14 configuration management
discipline of identifying the components of an evolving system for the purposes of controlling changes to those components and maintaining continuity and traceability throughout the life-cycle
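The "banned function" entry (3.1.11) is easiest to understand with a concrete pair: a C string copy written with an unbounded library call, and the bounded replacement a coding guideline under this standard would require instead. The code below is an added illustration and is not part of the IEC 62443-4-1 text; the buffer size NAME_MAX, the device-name inputs and the function names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Assumed fixed size of a device-name field in some IACS component. */
#define NAME_MAX 16

/* Banned pattern: strcpy() takes no length, so any source longer than
 * NAME_MAX-1 bytes writes past the end of dst. Shown for contrast only;
 * nothing in this example calls it. */
void copy_name_banned(char dst[NAME_MAX], const char *src)
{
    strcpy(dst, src);
}

/* Recommended replacement: a bounded copy that never writes beyond
 * NAME_MAX bytes, always NUL-terminates, and reports truncation to the
 * caller instead of hiding it. Returns true when src fit completely. */
bool copy_name_bounded(char dst[NAME_MAX], const char *src)
{
    /* Measure src without reading past NAME_MAX bytes (strlen would not
     * stop at the bound for an unterminated source). */
    size_t len = 0;
    while (len < NAME_MAX && src[len] != '\0') {
        len++;
    }

    if (len >= NAME_MAX) {
        /* Too long: copy what fits, terminate, and signal truncation so
         * the caller can reject or log the input rather than proceed. */
        memcpy(dst, src, NAME_MAX - 1);
        dst[NAME_MAX - 1] = '\0';
        return false;
    }

    memcpy(dst, src, len + 1); /* includes the terminating NUL */
    return true;
}
```

The design point is that the replacement is safer in two ways at once: it is bounded, and its return value makes the truncation case visible, so a review can check that every caller handles it. That is what distinguishes a "more secure version" in the sense of 3.1.11 from a function that merely fails silently.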