A system-level cyber security certification is now available for industrial automation and control systems (IACS) products, according to the ISA Security Compliance Institute (ISCI).
There will also be an organizational certification available in the second quarter this year that ensures suppliers are following cyber security development and support lifecycle processes for IACS products.
Suppliers can reach out to an ISASecure-accredited lab for details on these new certifications and the steps for certifying IACS products and their organization’s product development and support lifecycle processes.
The new product certification is the System Security Assurance (ISASecure SSA) which assesses the cyber security of off-the-shelf industrial control systems and certifies conformance to IEC 62443-3-3. The goal of this certification is to ensure cyber security robustness for off-the-shelf control systems and to certify the systems are free from known vulnerabilities. The SSA program description and certification specifications are available for download in PDF format from the ISCI website at www.isasecure.org.
The new organizational certification is the Security Development Life Cycle Assurance (SDLA) certification which ensures a supplier’s product development organization has institutionalized cyber security into their product development and support lifecycle processes and follows them consistently on an ongoing basis. The objective of this certification is to ensure security ends up designed into IACS products from the beginning and remains followed throughout all product development and support lifecycle phases.
ISCI has been certifying embedded devices under the Embedded Device Security Assurance certification (ISASecure EDSA) scheme. EDSA, the first ISASecure certification, assures cyber security for off-the-shelf embedded devices and lists certified devices from suppliers such as Honeywell and Yokogawa.
The ISASecure program is a part of the ISA Security Compliance Institute (ISCI) with a goal to accelerate industry-wide cyber security improvement for IACS.