ISA/IEC 62443 Compliance

Compliance with IEC 62443 / ISA99 standards requires industrial control systems (ICS) to adopt a defense-in-depth architecture and an ongoing monitoring and review process. The NP platform brings the visibility and verification capabilities to ensure compliance with the fundamental networking requirements of the standards.

The consequences of a successful cyberattack on an Industrial Automation and Control System (IACS) are fundamentally different from those of an attack against a traditional IT system and can include loss of life or significant damage to the environment. The International Society of Automation (ISA) and the International Electrotechnical Commission (IEC) have joined forces to address the need to improve the cybersecurity of IACS by publishing the ISA/IEC 62443 series. The standards promote three main concepts. First, cybersecurity is an ongoing process and not a goal that can be reached. Second, security-by-design requires defense in depth through layering multiple protective solutions. Third, ICS components need to be separated into zones based on security requirements, and communications among zones need to go through well-defined conduits. NP-View and NP-Live have been designed by ICS experts to easily and independently visualize network zones and to verify inbound and outbound network conduit connectivity.

Foundational Requirements

NP-View and NP-Live ingest the configuration files of OT firewalls, routers, and layer-3 switches to automatically generate a comprehensive topology map of your ICS environment. The modeling engine computes all possible data flows in order to verify compliance with the following requirements:

  • IEC 62443 part 3-2: Security risk assessment for system design
    • ZCR 3: Partition the SUC into zones and conduits
      • ZCR 3.1: Establish zones and conduits.
      • ZCR 3.2: Separate business and IACS assets.
      • ZCR 3.3: Separate safety related assets.
      • ZCR 3.4: Separate temporarily connected devices.
      • ZCR 3.6: Separate devices connected via external networks.
    • ZCR 6: Document cyber security requirements, assumptions and constraints
      • ZCR 6.3: Zone and conduit drawings.
      • ZCR 6.4: Zone and conduit characteristics.
  • IEC 62443 part 3-3: System security requirements and security levels
    • FR 5 – Restricted data flow
      • SR 5.1: Network segmentation.
      • SR 5.2: Zone boundary protection.
  • IEC 62443 part 4-2: Technical security requirements for IACS components
    • FR 5 – Restricted data flow
      • CR 5.1: Network segmentation.
      • CR 5.2: Zone boundary protection.
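
The zone-and-conduit check behind SR 5.1 and SR 5.2 can be sketched as follows. This is an added example, not Network Perception's code or algorithm: the zone names, subnets, conduit list and permit rules are constructed, and it assumes a flat list of permit rules with no deny rules or rule ordering.

```python
from ipaddress import ip_network

# Constructed sample data: zone names, subnets, conduits and rules are illustrative only.
ZONES = {
    "business": ip_network("10.10.0.0/16"),
    "dmz": ip_network("10.20.0.0/24"),
    "control": ip_network("10.30.0.0/24"),
    "safety": ip_network("10.40.0.0/24"),
}
# Approved conduits: (source zone, destination zone) -> permitted destination ports.
CONDUITS = {
    ("business", "dmz"): {443},
    ("dmz", "control"): {44818},
    ("control", "safety"): {502},
}
# Permit rules as (source CIDR, destination CIDR, destination port or None for any).
RULES = [
    ("10.10.0.0/16", "10.20.0.0/24", 443),
    ("10.20.0.5/32", "10.30.0.0/24", 44818),
    ("10.10.5.0/24", "10.30.0.10/32", 3389),   # business straight into control
    ("10.30.0.0/24", "10.0.0.0/8", None),      # over-broad destination and port
]

def zones_touched(cidr):
    """Zones whose subnet overlaps the CIDR (a broad rule can span several)."""
    net = ip_network(cidr)
    return [name for name, subnet in ZONES.items() if net.overlaps(subnet)]

def zone_flows(rules):
    """Expand each permit rule into the inter-zone flows it allows."""
    flows = set()
    for src, dst, port in rules:
        for s in zones_touched(src):
            for d in zones_touched(dst):
                if s != d:  # intra-zone traffic does not cross a conduit
                    flows.add((s, d, port))
    return flows

def violations(rules, conduits):
    """Flows with no approved conduit, or a port outside the conduit's list."""
    bad = []
    for s, d, port in sorted(zone_flows(rules), key=str):
        allowed = conduits.get((s, d))
        if allowed is None or port is None or port not in allowed:
            bad.append((s, d, port))
    return bad

if __name__ == "__main__":
    for s, d, port in violations(RULES, CONDUITS):
        print(f"{s} -> {d} port {port if port else 'any'}: outside approved conduits")
```

A rule that permits any port is reported even where a conduit exists between the two zones, because the conduit definition lists specific ports.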

Maturity Levels

The team at Network Perception will provide you with the expertise, technology, and know-how to mature your ICS network cybersecurity program from initial to improving. Step-by-step, NP-View and NP-Live provide the ease-of-use and independent verification needed to ensure that best practices are managed, documented, and continuously improved. In addition, the platform provides risk assessment grading, actionable reports, and a dashboard to precisely measure your progress and validate the effectiveness of your internal controls over time.
