The ISA Security Compliance Institute (ISCI) has announced the availability of a system-level cybersecurity certification for industrial automation and control systems (IACS) products. ISCI also announced Q2 2014 availability of an organizational certification which ensures that suppliers are following cybersecurity development and support lifecycle processes for IACS products.
Supplier organizations are encouraged to contact an ISASecure-accredited lab for details on these new certifications and the steps for certifying IACS products and their organization’s product development and support lifecycle processes.
The new product certification is the System Security Assurance (ISASecure SSA) which assesses the cybersecurity of off-the-shelf industrial control systems and certifies conformance to IEC 62443-3-3. The objective of this certification is to ensure cybersecurity robustness for off-the-shelf control systems and to certify that the systems are free from known vulnerabilities. The SSA program description and certification specifications are available for download in PDF format from the ISCI website.
The new organizational certification is the Security Development Life Cycle Assurance (SDLA) certification which ensures that a supplier’s product development organization has institutionalized cybersecurity into their product development and support lifecycle processes and follows them consistently on an ongoing basis. The objective of this certification is to ensure that cybersecurity is designed into IACS products from the beginning and is followed throughout all product development and support lifecycle phases.