Quick Start Guide:
An Overview of ISASecure® Certification
A certification scheme based on ISA/IEC 62443 Security for Industrial Automation and Control Systems
International Society of Automation
Setting the Standard for Automation™
www.ISASecure.org
Executive Summary
ISASecure® is a third-party conformity assessment scheme based
on the ISA/IEC 62443 series of standards. A third-party conformity
assessment scheme is also known as a certification scheme.
ISASecure® currently certifies Industrial Automation and Control
System (IACS) products and the security development lifecycle used
by Product Suppliers. Products include IACS Systems such as DCS
and SCADA, and IACS Components such as embedded devices, host
devices, network devices, and software applications.
The ISA Security Compliance Institute (ISCI) is the owner and developer
of the ISASecure® Certification Scheme, which is the set of rules and
procedures that identifies the types of products and processes being
assessed, identifies the specified requirements, and provides the
methodology to perform a certification. ISCI is a non-profit subsidiary
of the International Society of Automation (ISA), and includes Asset
Owners, Product Suppliers, certification bodies, and other interested
organizations as members.
While ISCI develops and maintains the ISASecure® Certification Scheme,
it does not perform the certification itself. This is done by an ISASecure®
Certification Body, which is an organization that specializes in third-
party conformity assessments. Certification bodies are accredited
by an accreditation body based on the ISO/IEC 17065 standard [43],
which addresses topics such as confidentiality and impartiality in the
certification process. Through the accreditation and certification process,
an ISASecure® Certificate issued by an ISASecure® Certification Body is
recognized globally and demonstrates that the applicable ISA/IEC 62443
requirements have been met.
Figure 1 - ISASecure® Product Certification Schemes (ISASecure Certified System; ISASecure Certified Component)
Currently available ISASecure® Certification Schemes are:
• Security Development Lifecycle Assurance (SDLA) – a certification that the Product Supplier’s security development lifecycle meets the requirements of ISA/IEC-62443-4-1 – Product security development lifecycle requirements. [36]
• System Security Assurance (SSA) – a certification that the IACS System meets the requirements of ISA/IEC-62443-3-3 – System security requirements and security levels [35] and has been developed using SDLA certified processes.
• Component Security Assurance (CSA) – a certification that the IACS Component meets the requirements of ISA/IEC-62443-4-2 – Technical security requirements for IACS components [37] and has been developed using SDLA certified processes. IACS Components include embedded devices, host devices, network devices and software applications.
The primary benefit of third-party conformity assessment, or certification, is that it establishes trust between IACS stakeholders (Asset Owners, Product Suppliers, and Service Providers) that the applicable requirements of ISA/IEC 62443 have been met. While conformity assessments can be performed by a first party (e.g. Product Supplier) or a second party (e.g. Asset Owner), the independence and capabilities of an accredited third-party assessor provide a higher level of trust that the product or process meets the specified requirements.
ISASecure® benefits for the Asset Owner and Integration Service Provider (or system integrator) include the procurement of IACS products that have been designed and developed using the ISA/IEC 62443 security development lifecycle, and that have the capability to meet the technical requirements of ISA/IEC-62443 standards.
ISASecure® benefits for the Product Supplier include improved product security through independent assessment of their products and security development lifecycle, and improved product sales via the use of ISASecure® Certifications in product marketing.
Table of Contents
Executive Summary ... 1
Introduction ... 3
Understanding ISA/IEC 62443 ... 3
Scope and Purpose ... 3
Relevant ISA/IEC 62443 Standards ... 4
Principal Roles ... 5
Component, System, Automation Solution and IACS ... 5
Risk Assessment ... 6
Zone and Conduit ... 6
Security Level ... 7
Lifecycle View ... 8
ISASecure® Certification ... 9
ISA Security Compliance Institute ... 9
ISASecure® Certification Scheme ... 10
ISASecure® Security Development Lifecycle Assurance (SDLA) ... 11
ISASecure® System Security Assurance (SSA) ... 12
ISASecure® Component Security Assurance (CSA) ... 12
Using the ISASecure® Certification Scheme ... 13
Benefits of using ISASecure® Certification ... 13
ISASecure® for Asset Owners and Operators ... 14
ISASecure® for Integration Service Providers ... 14
ISASecure® for Product Suppliers ... 15
Frequently Asked Questions ... 15
Published ISASecure® Specifications ... 17
Security Development Lifecycle Assurance 3.0.0 ... 17
System Security Assurance 4.0.0 ... 17
Component Security Assurance 1.0.0 ... 17
Published Standards and Technical Reports ... 17
References ... 18
Introduction
This document provides an overview of the ISASecure® Certification Scheme
for the Security of Industrial Automation and Control Systems (IACS), which
is based on the ISA/IEC 62443 series of standards. The goal of the ISA/IEC
62443 Series is to improve the safety, integrity, availability and confidentiality of
Industrial Automation and Control System (IACS) using a risk-based, methodical
and complete process throughout the entire lifecycle. The ISA/IEC 62443
Series describes a set of common terms and requirements that can be used by
Asset Owners, Product Suppliers and Service Providers to secure their control
systems and the equipment they control. The ISASecure® Certification Scheme
independently demonstrates that the specified requirements of ISA/IEC 62443
standards have been met.
Understanding ISA/IEC 62443
In order to understand the ISASecure® Certification Scheme, we must first understand the ISA/IEC 62443 standards upon which it is based. The following topics are excerpts from Quick Start Guide: An Overview of ISA/IEC 62443 Standards [44], which provides a user-friendly high-level description of the ISA/IEC 62443 Series of Standards. The Quick Start Guide can be found at:
https://gca.isa.org/isagca-quick-start-guide-62443-standards
Scope and Purpose
The scope of the ISA/IEC 62443 Series is the Security of
Industrial Automation and Control Systems (IACS). An IACS is
defined as a collection of personnel, hardware, software and
policies involved in the operation of the industrial process
and that can affect or influence its safe, secure and reliable
operation.
Note that an IACS includes more than the technology that comprises a control system; it also includes the people and work processes needed to ensure the safety, integrity, availability and confidentiality of the control system. Without people that are sufficiently trained, risk appropriate technologies and security measures, and work processes throughout the security lifecycle, an IACS could be more vulnerable to cyberattack.
Figure 2 - The Security Triad (People, Process and Technology)
Relevant ISA/IEC 62443 Standards
The following ISA/IEC 62443 standards are needed to understand the ISASecure® Certification Scheme: [4]
• Part 1-1: Terminology, concepts and models introduces the concepts and models used throughout the series. The intended audience includes anyone wishing to become familiar with the fundamental concepts that form the basis for the series. [29]
• Part 2-1: Establishing an IACS security program describes what is required to define and implement an effective IACS cyber security management system. The intended audience includes Asset Owners who have responsibility for the design and implementation of such a program. [30]
• Part 3-2: Security risk assessment for system design addresses cybersecurity risk assessment and system design for IACS. The outputs of this process are a Zone and Conduit model, associated Risk Assessments and Target Security Levels. These are documented in the Cybersecurity Requirements Specification. This standard is primarily directed at Asset Owners and Integration Service Providers. [34]
• Part 3-3: System security requirements and security levels describes the requirements for an IACS System based on Security Level. The principal audience includes Product Suppliers of IACS System products, Integration Service Providers and Asset Owners. [35]
• Part 4-1: Product security development life-cycle requirements describes the requirements for a Product Supplier’s security development lifecycle. The principal audience includes Product Suppliers of IACS System and IACS Component products. [36]
• Part 4-2: Technical security requirements for IACS Components describes the requirements for IACS Components based on Security Level. IACS Components include embedded devices, host devices, network devices and software applications. The principal audience includes Product Suppliers of IACS Component products. [37]
Figure 3 - The ISA/IEC 62443 Series
Principal Roles
To understand how to use the ISA/IEC 62443 Series it is first necessary to understand the relationship between roles, control system, Automation Solution and IACS. Figure 4 visualizes this relationship.
Figure 4 - Roles, Products, Automation Solution and IACS (left side: the Asset Owner operates and is accountable for the IACS, with operation and routine maintenance according to security policies and procedures; the Maintenance Service Provider maintains, and the Integration Service Provider designs, deploys, commissions and validates, the Automation Solution with its essential control, safety and complementary functions; right side: the Product Supplier develops and supports components (software applications, embedded devices, network devices, host devices) and control systems as a combination of components, independent of the IACS environment)
The left-hand side of the drawing shows the roles that are identified in the ISA/IEC 62443 Series:
• Asset Owner is accountable and responsible for the IACS. The Asset Owner is also the operator of the IACS and the Equipment Under Control.
• Maintenance Service Provider provides support activities for an Automation Solution.
• Integration Service Provider provides integration activities for an Automation Solution including design, installation, configuration, testing, commissioning and handover to the Asset Owner. The Integration Service Provider may also facilitate and assist in the activity to partition the System Under Consideration into Zones and Conduits and perform the Risk Assessment.
• Product Supplier is the organization that manufactures and supports a hardware and/or software product. Products may include IACS Systems and IACS Components such as embedded devices, host devices, network devices and/or software applications.
It is important to understand that a role is not necessarily an organization. An organization can have multiple roles, and the responsibilities for a particular role can be split among multiple organizations. For example, an Asset Owner organization can have the Operations role and all or part of the Maintenance Service Provider role. It is also not uncommon that a Product Supplier organization has the Product Supplier role, the Integration Service Provider role, and portions of the Maintenance Service Provider role. Finally, while all or part of the responsibilities in a role can be delegated to other organizations, the accountability for the IACS must remain with the Asset Owner organization.
Component, System, Automation Solution and IACS
The right-hand side of the drawing shows the types of IACS Systems and IACS Components that are identified in the ISA/IEC 62443 Series:
• IACS Components are provided by a Product Supplier and include the following types:
  • Embedded device – special purpose device designed to directly monitor or control an industrial process
  • Host device – general purpose device running an operating system capable of hosting one or more software applications, data stores or functions from one or more Product Suppliers
  • Network device – device that facilitates data flow between devices, or restricts the data flow, but may not directly interact with a control process
  • Software application – one or more software programs and their dependencies that are used to interface with the control system or the Equipment Under Control.
• IACS System (or Control System) consists of an integrated set of IACS Components which is provided by a Product Supplier.
• Automation Solution is the realization of IACS Systems and Components at a particular facility. It includes essential functions such as safety functions and control functions and other supporting functions such as historization and engineering. It is specified by the Asset Owner and provided by the Integration Service Provider.
• The Industrial Automation and Control System (IACS) includes the Automation Solution and the operational and maintenance policies and procedures necessary to support it. It is operated by the Asset Owner and maintained by the Asset Owner and/or Maintenance Service Provider.
Risk Assessment
Part 3-2 describes the requirements for addressing the cybersecurity risks in an IACS, including the use of Zones and Conduits, and Security Levels. While Part 3-2 includes the requirements for the risk assessment process, it does not specify the exact methodology to be used. The methodology used must be established by the Asset Owner and should be consistent with the overall risk assessment methodology of the organization. Examples using the risk matrix methodology are included as informative content. Figure 5 shows the risk assessment process. [34]
Figure 5 - Risk Assessment Process:
ZCR 1 - Identify the System Under Consideration (SUC)
ZCR 2 - Perform an initial cybersecurity risk assessment
ZCR 3 - Partition the SUC into Zones and Conduits
ZCR 4 - Initial risk exceeds tolerable risk? (Yes: continue with ZCR 5; No: proceed to ZCR 6)
ZCR 5 - Perform a detailed cybersecurity risk assessment
ZCR 6 - Document cybersecurity requirements, assumptions, constraints
ZCR 7 - Asset owner approval
Zone and Conduit
A key step in the Risk Assessment process is to partition the System Under Consideration into separate Zones and Conduits. The intent is to identify those assets which share common security characteristics in order to establish a set of common security requirements that reduce cybersecurity risk. [34]
A Zone is defined as a grouping of logical or physical assets based upon risk or other criteria such as criticality of assets, operational function, physical or logical location, required access or responsible organization.
A Conduit is defined as a logical grouping of communication channels that share common security requirements connecting two or more zones.
Partitioning the System Under Consideration into Zones and Conduits can also reduce overall risk by limiting the scope of a successful cyberattack. Part 3-2 requires or recommends that some assets are partitioned as follows:
• Shall separate business and control system assets
• Shall separate safety related assets
• Should separate temporarily connected devices
• Should separate wireless devices
• Should separate devices connected via external networks
Security Level
Security Level is defined as the measure of confidence that the system under consideration, security zone or conduit is free from vulnerabilities and functions in the intended manner. [34]
Part 3-3 further defines the Security Level in terms of the means, resources, skills and motivation of the threat actor, as shown in Table 1. It is used as a means to discriminate between requirement enhancements for IACS Systems [35] and IACS Components. [37]
There are three types of Security Levels that are used throughout the ISA/IEC 62443 Series:
• Capability Security Levels (SL-C) are the level of security that IACS Systems [35] or IACS Components [37] can provide when properly integrated and configured. These levels state that a particular IACS System or Component is capable of meeting the SL-T natively without additional compensating security measures.
• Target Security Levels (SL-T) are the desired level of security for zones and conduits in a particular Automation Solution. They are determined as the result of the Risk Assessment process [34] and are documented in the Cybersecurity Requirements Specification. [34] SL-T are used to select products and design additional security measures during the integration phase of the Automation Solution security lifecycle.
• Achieved Security Levels (SL-A) are the actual levels of security for zones and conduits in a particular Automation Solution. These are measured after the Automation Solution is commissioned and in operation. Part 2-2 combines SL-A with operational and maintenance policies and processes to form the Security Program Rating for a particular Automation Solution.
It is important to note that the ISASecure® SSA and CSA Certifications only demonstrate that the IACS Systems or Components offered by a Product Supplier have achieved a Capability Security Level (SL-C) in accordance with ISA/IEC 62443-3-3 [35] and ISA/IEC 62443-4-2 [37] respectively. The Asset Owner must add the appropriate policies, processes and skilled personnel to meet the Achieved Security Level (SL-A).
| Security Level | Definition | Means | Resources | Skills | Motivation |
|---|---|---|---|---|---|
| 1 | Protection against casual or coincidental violation | | | | |
| 2 | Protection against intentional violation using simple means with low resources, generic skills and low motivation | simple | low | generic | low |
| 3 | Protection against intentional violation using sophisticated means with moderate resources, IACS specific skills and moderate motivation | sophisticated | moderate | IACS specific | moderate |
| 4 | Protection against intentional violation using sophisticated means with extended resources, IACS specific skills and high motivation | sophisticated | extended | IACS specific | high |
Table 1 - Security Level Definition
Lifecycle View
Another view of the ISA/IEC 62443 Series is the lifecycle view. There are two independent lifecycles described in the series: the Product Security Lifecycle, and the Automation Solution Security Lifecycle. The Automation Solution Security Lifecycle is further divided into an Integration Phase and an Operation and Maintenance Phase. Table 2 shows the relationship between the Parts of the ISA/IEC 62443 Series and the various lifecycles and phases.
Note that Part 3-3 spans the Product Security Lifecycle and the Integration Phase of the Automation Solution Security Lifecycle. This is because while the Product Supplier is the main audience for Part 3-3, the Integration Service Provider may also combine IACS Components to create IACS Systems. An example would be a SCADA system, where the Integration Service Provider combines the SCADA system with embedded devices (e.g. PLC) to create an Automation Solution. The ISASecure® Certification Scheme currently includes certification of products and the security development lifecycle in the Product Development Lifecycle.
Table 2 - ISA/IEC 62443 Standards - Lifecycle View (columns: Product Development Lifecycle; Automation Solution Lifecycle: Integration, Operation and Maintenance), covering the following parts:
Part 1-1: Terminology, Concepts, and Models
Part 2-1: Establishing an IACS Security Program
Part 2-2: IACS Security Program Rating
Part 2-3: Patch Management in the IACS Environment
Part 2-4: Security Program Requirements for IACS Service Providers
Part 3-2: Security Risk Assessment for System Design
Part 3-3: System Security Requirements and Security Levels
Part 4-1: Product Security Development Lifecycle Requirements
Part 4-2: Technical Security Requirements for IACS Components
ISASecure® Certification
ISA Security Compliance Institute
The ISA Security Compliance Institute (ISCI) is the owner and developer
of the ISASecure® Certification Scheme. ISCI is one of several
operational groups within the Automation Standards Compliance
Institute (ASCI), which is a 501c non-profit corporation owned by the
International Society of Automation (ISA).
The organization’s mission is to decrease the time, cost, and risk of
developing, acquiring, and deploying control systems by establishing
a collaborative industry-based program among Asset Owners, Product
Suppliers, Service Providers and other stakeholders to:
• Facilitate the independent testing and certification of control system
products to a defined set of control system security standards;
• Use existing control system security industry standards, where
available, develop or facilitate development of interim standards
where they don’t already exist, and adopt new standards when they
become available;
• Accelerate the development of industry standards that can be used
to certify that control systems products meet a common set of
security requirements.
• The standards, tests, and conformance processes for control
systems products will allow the products to be securely integrated.
The ultimate goal is to push the conformance testing into the product
development life cycle so that the products are intrinsically secure.
Information about the ISA Security Compliance Institute and the ISASecure® Certification Scheme is publicly available and can be found at www.isasecure.org
• ISCI Membership - https://www.isasecure.org/en-US/About-Us/Current-Members
• ISASecure® Certification Scheme - https://www.isasecure.org/en-US/Certification
• ISASecure® Certification Bodies - https://www.isasecure.org/en-US/Certification-Bodies
• ISASecure® Certified IACS Components - https://www.isasecure.org/en-US/End-Users/Certified-Components
• ISASecure® Certified IACS Systems - https://www.isasecure.org/en-US/End-Users/Certified-Systems
• ISASecure® Certified SDL - https://www.isasecure.org/en-US/End-Users/Certified-Development-Organizations
• Types of products - https://www.isasecure.org/en-US/Documents/06-0519-What-Products-are-Certifiable-revise-27Jun
ISASecure® Certification Scheme
Table 3 describes the ISASecure® Certification Scheme using the terms and definitions found in ISO/IEC 17000 – Conformity assessment – Vocabulary and general principles [12].
• ISASecure® is a third-party conformity assessment scheme, also known as a certification scheme. The ISASecure® Certification Scheme currently includes SDLA, SSA and CSA.
• The ISASecure® Certification Scheme is based on the specified requirements in the ISA/IEC 62443 series of standards.
• ISASecure® third-party conformity assessment bodies, also known as ISASecure® Certification Bodies, perform the assessment and issue ISASecure® Certificates for IACS Systems, Components and product security development lifecycles. The Product Suppliers’ proprietary information is held in confidence by the ISASecure® Certification Body.
• ISASecure® Accreditation Bodies assess the capability of ISASecure® Certification Bodies to perform ISASecure® Certifications by assessing their competence, consistent operation and impartiality.
• The ISA Security Compliance Institute is the certification scheme owner and is responsible for the development and maintenance of the ISASecure® Certification Scheme.
| Term | Definition | ISASecure equivalent |
|---|---|---|
| Conformity Assessment | demonstration that specified requirements are met. Conformity assessments can be first-party, second-party or third-party. | |
| Specified Requirements | need or expectation that is stated | ISA/IEC 62443 standards |
| Certification | third-party conformity assessment, excluding accreditation | ISASecure® certification |
| Conformity Assessment Scheme | set of rules and procedures that describes the objects of conformity assessment, identifies the specified requirements, and provides the methodology of performing conformity assessment | |
| Certification Scheme | third-party conformity assessment scheme | ISASecure® certification scheme |
| Conformity assessment body | body that performs conformity assessment activities, excluding accreditation | |
| Certification body | third-party body that performs conformity assessment activities, excluding accreditation | ISASecure® certification body |
| Accreditation | third-party attestation related to conformity assessment body conveying formal demonstration of its competence, consistent operation and impartiality in performing specific conformance assessment activities | ISASecure® accreditation |
| Accreditation body | body that performs accreditation | ISASecure® accreditation body |
| Certification Scheme Owner | person or organization responsible for development and maintenance of a conformity assessment scheme | ISA Security Compliance Institute |
Table 3 - ISO/IEC 17000 conformity assessment terms
Figure 6 shows the roles and responsibilities for the ISASecure® Certification Scheme:
• The ISA Security Compliance Institute develops and maintains the ISASecure® Certification Scheme based on applicable ISA/IEC 62443 standards and selects accreditation bodies that meet the requirements of ISO/IEC 17011 [13].
• ISASecure® Accreditation Bodies assess the capabilities of ISASecure® Certification Bodies and accredit them in accordance with the ISASecure® Certification Scheme, ISO/IEC 17025 [14], and ISO/IEC 17065 [15].
• IACS Asset Owners and IACS Integration Service Providers specify that the products used for their Automation Solutions are certified in accordance with the ISASecure® Certification Scheme at a specified Capability Security Level (SL-C).
• IACS Product Suppliers request certifications for their security development lifecycle and their IACS products from an ISASecure® Certification Body in accordance with the ISASecure® Certification Scheme.
• If the conformity assessment of the security development lifecycle and the product demonstrates that the applicable requirements of ISA/IEC 62443 are met, then the IACS Product Supplier receives an ISASecure® Certificate, which is available to the Integration Service Provider and Asset Owner on the ISASecure.org website.
Figure 6 – ISASecure® roles and responsibilities (the ISA Security Compliance Institute specifies the ISASecure Certification Scheme to the Accreditation Body (ISO 17011) and to the Certification Body (ISO 17065, 17025); the Accreditation Body provides accreditation to the Certification Body; the IACS Product Supplier submits its product, and the Certification Body provides the certificate and notifies the Institute of the certified product; the Product Supplier provides certified products to the IACS System Integrator, which provides certified products to the IACS Asset Owner)
ISASecure® Security Development Lifecycle Assurance (SDLA)
The ISASecure® Security Development Lifecycle Assurance (SDLA) certification scheme is based on ISA/IEC-62443-4-1:2018 – Security for industrial automation and control systems, Part 4-1: Product security development life-cycle requirements. [36]
The ISASecure® SDLA certification scheme [1] includes a Security Development Lifecycle Process Assessment (SDLPA), which includes the following eight practices from ISA/IEC-62443-4-1:
• Security Management (SM)
• Specification of security requirements (SR)
• Secure by design (SD)
• Secure implementation (SI)
• Security verification and validation testing (SVV)
• Management of security-related issues (DM)
• Security update management (SUM)
• Security guidelines (SG)
Figure 7 - ISASecure® SDLA: Security Development Lifecycle Process Assessment (SDLPA)
For initial SDLA certification, the certification body will verify that the Product Supplier has a documented security development lifecycle under change control that complies with SDLA requirements. The certification body will also review selected artifacts showing the Product Supplier has executed the documented processes. If some required artifacts are not yet available, but the Product Supplier demonstrates readiness to execute related aspects of the security development lifecycle, an initial certificate may be granted with a 12 month duration. During this time, if the remaining artifacts are presented, a final SDLA certificate is granted.
An ISASecure® SDLA certification expires There are four elements included in the
in three years and may be extended once the ISASecure® SSA certification scheme:
Product Supplier passes a recertification audit. • Security Development Lifecycle Process
The recertification audit verifies that changes Assessment for Systems (SDLPA-S) –
to the previously certified security development the Product Supplier must hold a current
lifecycle are recorded and comply with the ISASecure® SDLA certification, and the
current version of SDLA, and that the current system being certified is included in the scope
security development lifecycle is being followed of that SDLA certification. [15]
for all products within its defined scope. • Security Development Artifacts for Systems
(SDA-S) – an examination of the artifacts
Since both the ISASecure® System Security
required by the SDLA certification for the
Assurance (SSA) and ISASecure® Component
system that is being certified. [13]
Security Assurance (CSA) certification schemes
• Functional Security Assessment for Systems
require an assessment of the Product Suppliers’
(FSA-S) – an assessment that each security
security development lifecycle, the SDLA
zone in the system meets the requirements of
certification allows the Product Supplier to
ISA/IEC-62443-3-3 for the specified Security
complete this certification once and apply it to
Level. The ISASecure® Certificate will list
multiple product certifications.
the Capability Security Level (SL-C) for each
security zone in the system. [12]
ISASecure® System Security • Vulnerability Identification Testing for Systems
Assurance (SSA) (VIT-S) – a scan of all network interfaces
The ISASecure® System Security Assurance of all IACS Components in each security
(SSA) certification scheme [8] is based on ISA/ zone from inside the security zone using the
IEC-62443-3-3:2013 – Security for industrial Tenable Network Security Nessus vulnerability
assessment tool with an ISASecure-specific
automation and control systems, Part 3-3: System
policy. [14]
security requirements and security levels. [35]
The ISASecure® SSA certification scheme ISASecure® Component
assesses the Capability Security Level (SL-C)
of the IACS System in accordance with ISA/ Security Assurance (CSA)
IEC-62443-3-3. IACS Systems that can be The ISASecure® Component Security Assurance
certified consist of an integrated set of IACS (CSA) certification scheme [18] is based on ISA/
Components, are under configuration control IEC-62443-4-2:2019 – Security for industrial
and version management, and are provided by a automation and control systems, Part 4-2: Technical
single Product Supplier. security requirements for IACS Components. [37]
Figure 8 - ISASecure® SSA: Security Development Lifecycle Process Assessment (SDLPA-S); Security Development Artifacts for Systems (SDA-S); Functional Security Assessment for Systems (FSA-S); Vulnerability Identification Testing (VIT-S)
Figure 9 - ISASecure® CSA: Security Development Lifecycle Process Assessment (SDLPA-C); Security Development Artifacts for Components (SDA-C); Functional Security Assessment (FSA-C); Vulnerability Identification Testing (VIT-C)
There are four types of IACS Components that can be assessed using the ISASecure® CSA certification scheme:
• Embedded devices such as controllers, programmable logic controllers, and safety instrumented systems
• Host devices such as industrial computers, embedded PCs, HMI panels and industrial tablets
• Network devices such as routers, switches, firewalls, wireless access points and security appliances
• Software applications such as control application software, data historians and HMI software

The ISASecure® CSA certification scheme assesses the Capability Security Level (SL-C) of the IACS Component in accordance with ISA/IEC-62443-4-2. Composite devices, which may include more than one type of component, are evaluated against all of the requirements for each component type.

There are four elements included in the ISASecure® CSA certification scheme:
• Security Development Lifecycle Process Assessment for Components (SDLPA-C) – the Product Supplier must hold a current ISASecure® SDLA certification, and the component being certified is included in the scope of that SDLA certification. [26]
• Security Development Artifacts for Components (SDA-C) – an examination of the artifacts required by the SDLA certification for the IACS Component that is being certified. [24]
• Functional Security Assessment for Components (FSA-C) – an assessment that the IACS Component meets the requirements of ISA/IEC-62443-4-2 for the specified Security Level. [23]
• Vulnerability Identification Testing for Components (VIT-C) – a scan of all network interfaces of the IACS Component being certified using the Tenable Network Security Nessus vulnerability assessment tool with an ISASecure-specific policy. [25]

Using the ISASecure® Certification Scheme

Benefits of using ISASecure® Certification

• The ISASecure® SDLA certification independently demonstrates that the Product Supplier has used a product security development lifecycle that complies with ISA/IEC 62443-4-1 – Product security development lifecycle requirements, which includes:
  • A security development lifecycle integrated with the product development lifecycle
  • Secure design including defense in depth and threat modelling
  • Secure implementation and security verification and validation testing
  • Management of security related issues and security update management
  • Security hardening guidelines that are available to Asset Owners and Integration Service Providers
• The ISASecure® SSA certification independently demonstrates that IACS System products comply with the requirements of ISA/IEC-62443-3-3 – System security requirements and security levels at a specified Capability Security Level (SL-C).
• The ISASecure® CSA certification independently demonstrates that IACS Components comply with the requirements of ISA/IEC-62443-4-2 – Technical security requirements for IACS components at a specified Capability Security Level (SL-C).
• Products procured using the ISASecure® Certification Scheme have the capability to support the requirements of ISA/IEC-62443-2-1 – Security program requirements for IACS asset owners, because the technical requirements for IACS Systems and IACS Components are derived from ISA/IEC-62443-2-1.
• ISASecure® specifications are publicly available, so all stakeholders can review the certification criteria and how they are used to certify a security development lifecycle or an IACS product.
• The ISASecure® Certification Bodies are accredited based on the ISO/IEC 17000 series of standards, which allows ISASecure® Certifications to be globally recognized.
• Product Suppliers can use ISASecure® Certificates in product marketing for their products.

ISASecure® for Asset Owners and Operators

How Asset Owners can use ISASecure® Certification:
1. Establish company policy for the use of ISA/IEC 62443
2. Establish company policy for minimum IACS Security Level using ISA/IEC-62443-3-3 – System security requirements and security levels
3. Perform/approve the IACS cybersecurity risk assessment, zone partitioning and selected Target Security Levels in accordance with ISA/IEC-62443-3-2 – Security risk assessment and system design
4. Document/approve the IACS Cybersecurity Requirements Specification (CRS) that includes ISASecure® Certification
5. Procure IACS System and IACS Component products based on IACS CRS with ISASecure® Certification

ISASecure® for Integration Service Providers

How Integration Service Providers can use ISASecure® Certification:
1. Establish company policy for the use of ISA/IEC 62443
2. Update Integration Service Provider processes to comply with ISA/IEC-62443-2-4 – Security program requirements for service providers
3. Independently certify that the Integration Service Provider processes comply with ISA/IEC-62443-2-4. As of this publication, a certification using the IEC System of Conformity Assessment Schemes for Electrotechnical Equipment and Components (IECEE.org) is available. [9]
4. Determine Asset Owner policies regarding the use of ISA/IEC-62443 and ISASecure® for their projects, and minimum Security Levels for IACS Systems and Components.
5. Perform the IACS cybersecurity risk assessment, zone partitioning and Security Level selection with the Asset Owner
6. Complete the IACS Cybersecurity Requirements Specification that includes ISASecure® Certification
7. Procure IACS System and IACS Component products in accordance with the IACS Cybersecurity Requirements Specification and ISASecure® Certification requirements
8. Complete the remaining integration phase lifecycle steps and hand over the IACS to the Asset Owner.

Note: the steps to be completed by the Integration Service Provider will depend on the scope of the service agreement with the Asset Owner.
ISASecure® for Product Suppliers

For the Product Supplier, certification supports a proactive approach to achieving competence in cybersecurity. It provides a recognized framework and path to understanding, establishing and continuing to improve best practices within the organization.

How Product Suppliers can use ISASecure® Certification:
1. Establish company policy for the use of ISA/IEC 62443
2. Update product development processes to comply with ISA/IEC-62443-4-1 – Product security development lifecycle requirements
3. Independently certify that the product development processes comply with ISA/IEC-62443-4-1 using the ISASecure® Security Development Lifecycle Assurance (SDLA) certification scheme
4. Design and develop IACS System products to comply with ISA/IEC-62443-3-3 – System security requirements and security levels
5. Independently certify that the IACS System products comply with ISA/IEC-62443-3-3 using the ISASecure® System Security Assurance (SSA) certification scheme
6. Design and develop IACS Component products to comply with ISA/IEC-62443-4-2 – Technical requirements for IACS components
7. Independently certify that the IACS Component products comply with ISA/IEC-62443-3-3 using the ISASecure® System Security Assurance (SSA) certification scheme
8. Maintain the SDLA certification by re-certifying the product development processes every three years
Frequently Asked Questions
Is an ISASecure® Certification a point in time certification?
An ISASecure® product certificate is issued for a specific product and version.
A significant upgrade to the product requires a re-certification. The product
certification also requires that the Product Supplier has an ISASecure® SDLA
certification, which requires that security vulnerabilities found after the product is
released are analyzed and addressed, and threat models and security guidelines
are updated as new threats emerge.
How much does an ISASecure® Certification cost?
For the Asset Owner and Integration Service Provider, there is no additional cost for an ISASecure® Certification. For the Product Supplier there are two parts to the total cost: the ISASecure® Certification fee, which is published on the ISASecure.org website, and the cost associated with the conformity assessment itself, which is negotiated with the ISASecure® Certification Body.
Are the security vulnerabilities of a certified product disclosed to the public?
If the ISASecure® Certification Body finds security vulnerabilities in the product during the certification
process, they are reported to the Product Supplier for resolution in accordance with ISA/IEC-62443-
4-1 and the SDLA certification.
Does the ISA Security Compliance Institute receive a Product Supplier’s proprietary
information?
ISASecure® Certification Bodies conduct assessments in accordance with ISO/IEC 17065 and
maintain the confidentiality of the Product Supplier’s assessment information. As the owner of the
ISASecure® Certification Scheme, random work products related to a Product Supplier assessment
may be examined by ISA Security Compliance Institute staff at infrequent intervals to ensure the
quality of the ISASecure® Certification Scheme or to process a complaint to ISCI lodged by a Product
Supplier.
Does the ISASecure SDLA certification support Maturity Levels?
The ISASecure® SDLA certification scheme currently does not assess the Maturity Level of the
organization for the processes that are defined in ISA/IEC-62443-4-1.
Is the ISASecure® Certification Scheme aligned with ISA/IEC-62443 standards?
The first ISASecure® Certification Schemes were introduced before the relevant ISA/IEC-62443
standards were published and were based on committee drafts. Since then, the relevant ISA/IEC-
62443 standards have been published, and all ISASecure® Certification Schemes have been updated
to conform to the published standards.
The ISASecure® Certification Scheme previously included Communication Robustness Testing (CRT); has it been dropped in the most recent version?
Previous ISASecure® Certification Schemes included fuzz testing and network load testing (also
known as CRT) as specific tests to be completed by the ISASecure® Certification Body as part of
an SSA or EDSA certification. The ISA-62443-4-1 published standard includes a requirement that
the Product Supplier has a process to perform fuzz testing and network traffic load testing as part
of their security development lifecycle. The current version of ISASecure® SSA and CSA requires the ISASecure® Certification Body to inspect the artifacts showing that the Product Supplier has completed these tests for the product being assessed.
What happened to the ISASecure® Embedded Device Security Assurance (EDSA)
certification scheme?
The ISASecure® EDSA certification scheme was introduced before the ISA/IEC 62443-4-2 Technical
requirements for IACS components standard was published. This standard defines the requirements
for embedded devices, host devices, network devices, and software applications. The ISASecure®
Component Security Assurance (CSA) certification scheme was subsequently created to cover all
IACS Component types specified in ISA/IEC-62443-4-2. So EDSA is now a part of the ISASecure®
CSA certification.
Published ISASecure® Specifications

Security Development Lifecycle Assurance 3.0.0
1. SDLA-100 – ISASecure Certification Scheme
2. SDLA-102 – Baseline Document Versions and Errata
3. SDLA-204 – Instructions and Policies for the Use of the ISASecure® Symbol and Certificate
4. SDLA-205 – Certificate Document Format
5. SDLA-300 – ISASecure Certification and Maintenance of Certification Requirements
6. SDLA-312 – Security Development Lifecycle Assessment
7. ISASecure-118 – Policy for Transition to SDLA 3.0.0

System Security Assurance 4.0.0
8. SSA-100 – ISASecure Certification Scheme
9. SSA-102 – Baseline Document Versions and Errata
10. SSA-300 – ISASecure Certification Requirements
11. SSA-301 – Maintenance of ISASecure Certification
12. SSA-311 – Functional Security Assessment for Systems (FSA-S)
13. SSA-312 – Security Development Artifacts for Systems (SDA-S)
14. SSA-420 – Vulnerability Identification Test Specification
15. SDLA-100 – ISASecure Certification Scheme
16. SDLA-312 – Security Development Lifecycle Assessment
17. ISASecure-117 – Policy for Transition to CSA 1.0.0 and SSA 4.0.0

Component Security Assurance 1.0.0
18. CSA-100 – ISASecure Certification Scheme
19. CSA-102 – Baseline Document Versions and Errata
20. CSA-204 – Instructions and Policies for Use of the ISASecure® Symbol and Certificate
21. CSA-300 – ISASecure Certification Requirements
22. CSA-301 – Maintenance of ISASecure Certification
23. CSA-311 – Functional Security Assessment for Components
24. CSA-312 – Security Development Artifacts for Components
25. SSA-420 – Vulnerability Identification Test Specification
26. SDLA-100 – ISASecure Certification Scheme
27. SDLA-312 – Security Development Lifecycle Assessment
28. ISASecure-117 – Policy for Transition to CSA 1.0.0 and SSA 4.0.0

Published Standards and Technical Reports
29. ISA-62443-1-1-2007 / IEC TS 62443-1-1:2009 – Security for Industrial Automation and Control Systems, Part 1-1: Terminology, Concepts and Models
30. ISA-62443-2-1-2009 / IEC 62443-2-1:2010 – Security for Industrial Automation and Control Systems, Part 2-1: Establishing an Industrial Automation and Control Systems Security Program
31. ANSI/ISA-TR62443-2-3-2015 / IEC TR 62443-2-3:2015 – Security for Industrial Automation and Control Systems, Part 2-3: Patch Management in the IACS Environment
32. ANSI/ISA-62443-2-4-2018 / IEC 62443-2-4:2015+AMD1:2017 CSV – Security for Industrial Automation and Control Systems, Part 2-4: Security Program Requirements for IACS Service Providers
33. IEC TR 62443-3-1:2009 – Security for Industrial Automation and Control Systems, Part 3-1: Security Technologies for Industrial Automation and Control Systems
34. ANSI/ISA-62443-3-2-2020 / IEC-62443-3-2-2020 – Security for Industrial Automation and Control Systems, Part 3-2: Security Risk Assessment and System Design
35. ANSI/ISA-62443-3-3-2013 / IEC 62443-4-2:2013 – Security for Industrial Automation and Control Systems, Part 3-3: System Security Requirements and Security Levels
36. ANSI/ISA-62443-4-1-2018 / IEC 62443-4-1:2018 – Security for Industrial Automation and Control Systems, Part 4-1: Product Security Development Life-Cycle Requirements
37. ANSI/ISA-62443-4-2-2018 / IEC 62443-4-2:2019 – Security for Industrial Automation and Control Systems, Part 4-2: Technical Security Requirements for IACS Components
38. IEC TR 63069:2019 – Industrial-Process Measurement, Control and Automation – Framework for Functional Safety and Security
39. IEC TR 63074:2019 – Safety of Machinery – Security Aspects Related to Functional Safety of Safety-Related Control Systems
40. ISO/IEC DIS 17000, Conformity Assessment – Vocabulary and General Principles
41. ISO/IEC 17011:2017, Conformity Assessment – Requirements for Accreditation Bodies Accrediting Conformity Assessment Bodies
42. ISO/IEC 17025:2017, General Requirements for the Competence of Testing and Calibration Laboratories
43. ISO/IEC 17065, Conformity Assessment – Requirements for Bodies Certifying Products, Processes and Services

References
44. Quick Start Guide: An Overview of ISA/IEC 62443 Standards, ISA Global Cybersecurity Alliance, https://gca.isa.org/blog/download-the-new-guide-to-the-ISA/IEC-62443-Cybersecurity-Standards
45. NIST SP 800-82 Revision 2, Guide to Industrial Control Systems (ICS) Security
46. The 62443 Series of Standards: Industrial Automation and Control Security, ISA99 Committee
47. Frequently Asked Questions: The ISA99 Committee and 62443 Standards, ISA99 Committee
48. Instrumentation and Control Systems Security Explained: The What and The Why, ISA99 Committee
49. What’s The Difference Series: Compliance vs Certification, Miriam Boudreax, Mireaux Management Solutions, https://www.mireauxms.com/blog/whats-the-difference-series-compliance-vs-certification/
50. Certification & Conformity, ISO.org, https://www.iso.org/conformity-assessment.html
51. Capability Maturity Model, wikipedia.org, https://en.wikipedia.org/wiki/capability_maturity_model
52. IEC System of Conformity Assessment Schemes for Electrotechnical Equipment and Components (IECEE.org)
View the ISASecure® Certifications at
www.isasecure.org/certification
International Society of Automation
www.ISASecure.org
67 T.W. Alexander Drive
Research Triangle Park, NC 27709
+1 919 990 9222
[email protected]
©2020 International Society of Automation. Copyright © ISA – All Rights Reserved
06-0920