IEC 62443 Industrial Cybersecurity Certification

Enhance the cyber resilience of industrial components and systems

Cybersecurity for cyber-physical systems

Across a variety of industries, from manufacturing and processing plants to energy suppliers and rail, cyber-physical systems are implemented to enable higher efficiencies, unmatched flexibility, and innovative business models. However, this also translates into a shift in the risk landscape, as cyber-attacks increase. Against this backdrop, suppliers and system integrators must optimize the cyber resilience of their components and systems by improving their development, integration, and support processes.

The IEC 62443 standard provides a structured approach to cybersecurity

Initially developed for the Industrial Automation and Control Systems supply chain, it has become the leading industrial cybersecurity standard for all types of plants, facilities, and systems across many industries.

The standard applies to component suppliers, system integrators, and asset owners.

The IEC 62443 standard addresses not only the technology that comprises a control system, but also the work processes, countermeasures, and employees.

Through a set of defined process requirements, the standard ensures that all applicable security aspects are addressed in a structured manner.

Security aspects include a systematic approach to cybersecurity throughout the stages of:

  • Specification 
  • Integration
  • Operation
  • Maintenance 
  • Decommissioning

Furthermore, the standard provides for processes to be established to facilitate all necessary technical security functions. Adapted to the relevant project scope, it lays the foundations for cybersecurity robustness throughout the product and system lifetime.

IEC 62443 certification can also boost the competitiveness of the supplier and system integrator: A third-party certification demonstrates to asset owners and operators that the purchased component or system is based on a methodized and coherent approach to cybersecurity, in line with industry best practice.

TÜV SÜD can help you achieve certification

TÜV SÜD was one of the first companies to provide IEC 62443 certification. Suppliers and system integrators worldwide partner with us to confirm their compliance with applicable process requirements as laid out in the standard.

Our extensive experience with industrial processes, combined with profound expertise in industrial cybersecurity, makes us uniquely positioned to assess your security processes and solutions. Our methodology for risk analysis, applying both security and safety aspects, is proven in the field. Our experts actively participate in international standardization committees, gaining valuable insights on the latest regulatory developments. Our experts’ relentless commitment to instilling safe operations across industries means that the TÜV SÜD certification mark has become a globally renowned symbol for safety, security, and trust.

Key documents in the IEC 62443 series

Of the 14 separate documents in the IEC 62443 series, these cybersecurity requirements represent a good starting point for industrial organizations seeking to secure their automation control systems from cyber threats.

IEC 62443 Section | Description
IEC 62443-2-1 Edition 2 | Establishing an industrial automation and control system security program
IEC 62443-2-4 | Security program requirements for IACS service providers
IEC 62443-3-2 | Security risk assessment for system design
IEC 62443-3-3 | System security requirements and security levels
IEC 62443-4-1 | Secure product development lifecycle requirements
IEC 62443-4-2 | Technical security requirements for IACS components

The standard addresses security processes along the complete supply chain. For product suppliers, TÜV SÜD provides certification services based on IEC 62443-4-1 Secure Product Development Lifecycle. The standard applies to the supplier’s overall security programs, and to the security processes connected to the development of the relevant component and control system.

Corresponding certifications are available to system integrators based on IEC 62443-2-4 Security Program for Service Providers.

Besides the generic process aspects during product development and system integration, the standard specifies technical security requirements for components and systems. These technical requirements are described in IEC 62443-4-2 and IEC 62443-3-3. The assessment of both process and technical requirements is the basis for the certification of components and systems, respectively.

