BS EN IEC 62443-4-1:2018
https://pdfstandards.shop/product/publishers/bsi/bs-en-iec-62443-4-12018/

This part of IEC 62443 specifies process requirements for the secure development of products used in industrial automation and control systems. It defines a secure development life-cycle (SDL) for the purpose of developing and maintaining secure products. This life-cycle includes security requirements definition, secure design, secure implementation (including coding guidelines), verification and validation, defect management, patch management and product end-of-life. These requirements can be applied to new or existing processes for developing, maintaining and retiring hardware, software or firmware for new or existing products. These requirements apply to the developer and maintainer of the product, but not to the integrator or user of the product. A summary list of the requirements in this document can be found in Annex B.

PDF Catalog

PDF Pages  PDF Title
7          CONTENTS
11         FOREWORD
13         INTRODUCTION
14         Figures
           Figure 1 – Parts of the IEC 62443 series
15         Figure 2 – Example scope of product life-cycle
16         1 Scope
           2 Normative references
           3 Terms, definitions, abbreviated terms, acronyms and conventions
           3.1 Terms and definitions
21         3.2 Abbreviated terms and acronyms
22         3.3 Conventions
           4 General principles
           4.1 Concepts
23         Figure 3 – Defence in depth strategy is a key philosophy of the secure product life-cycle
24         4.2 Maturity model
25         5 Practice 1 – Security management
           5.1 Purpose
           Tables
           Table 1 – Maturity levels
26         5.2 SM-1: Development process
           5.2.1 Requirement
           5.3 Rationale and supplemental guidance
           5.4 SM-2: Identification of responsibilities
           5.4.1 Requirement
           5.4.2 Rationale and supplemental guidance
           5.5 SM-3: Identification of applicability
           5.5.1 Requirement
27         5.5.2 Rationale and supplemental guidance
           5.6 SM-4: Security expertise
           5.6.1 Requirement
           5.6.2 Rationale and supplemental guidance
           5.7 SM-5: Process scoping
           5.7.1 Requirement
28         5.7.2 Rationale and supplemental guidance
           5.8 SM-6: File integrity
           5.8.1 Requirement
           5.8.2 Rationale and supplemental guidance
           5.9 SM-7: Development environment security
           5.9.1 Requirement
           5.9.2 Rationale and supplemental guidance
           5.10 SM-8: Controls for private keys
           5.10.1 Requirement
29         5.10.2 Rationale and supplemental guidance
           5.11 SM-9: Security requirements for externally provided components
           5.11.1 Requirement
           5.11.2 Rationale and supplemental guidance
           5.12 SM-10: Custom developed components from third-party suppliers
           5.12.1 Requirement
30         5.12.2 Rationale and supplemental guidance
           5.13 SM-11: Assessing and addressing security-related issues
           5.13.1 Requirement
           5.13.2 Rationale and supplemental guidance
           5.14 SM-12: Process verification
           5.14.1 Requirement
           5.14.2 Rationale and supplemental guidance
           5.15 SM-13: Continuous improvement
           5.15.1 Requirement
31         5.15.2 Rationale and supplemental guidance
           6 Practice 2 – Specification of security requirements
           6.1 Purpose
           Table 2 – Example SDL continuous improvement activities
32         6.2 SR-1: Product security context
           6.2.1 Requirement
           6.2.2 Rationale and supplemental guidance
           6.3 SR-2: Threat model
           6.3.1 Requirement
33         6.3.2 Rationale and supplemental guidance
           6.4 SR-3: Product security requirements
           6.4.1 Requirement
           6.4.2 Rationale and supplemental guidance
34         6.5 SR-4: Product security requirements content
           6.5.1 Requirement
           6.5.2 Rationale and supplemental guidance
           6.6 SR-5: Security requirements review
           6.6.1 Requirement
           6.6.2 Rationale and supplemental guidance
35         7 Practice 3 – Secure by design
           7.1 Purpose
           7.2 SD-1: Secure design principles
           7.2.1 Requirement
           7.2.2 Rationale and supplemental guidance
36         7.3 SD-2: Defense in depth design
           7.3.1 Requirement
37         7.3.2 Rationale and supplemental guidance
           7.4 SD-3: Security design review
           7.4.1 Requirement
           7.4.2 Rationale and supplemental guidance
           7.5 SD-4: Secure design best practices
           7.5.1 Requirement
38         7.5.2 Rationale and supplemental guidance
           8 Practice 4 – Secure implementation
           8.1 Purpose
           8.2 Applicability
           8.3 SI-1: Security implementation review
           8.3.1 Requirement
39         8.3.2 Rationale and supplemental guidance
           8.4 SI-2: Secure coding standards
           8.4.1 Requirement
           8.4.2 Rationale and supplemental guidance
           9 Practice 5 – Security verification and validation testing
           9.1 Purpose
40         9.2 SVV-1: Security requirements testing
           9.2.1 Requirement
           9.2.2 Rationale and supplemental guidance
           9.3 SVV-2: Threat mitigation testing
           9.3.1 Requirement
           9.3.2 Rationale and supplemental guidance
41         9.4 SVV-3: Vulnerability testing
           9.4.1 Requirement
           9.4.2 Rationale and supplemental guidance
           9.5 SVV-4: Penetration testing
           9.5.1 Requirement
           9.5.2 Rationale and supplemental guidance
42         9.6 SVV-5: Independence of testers
           9.6.1 Requirement
           9.6.2 Rationale and supplemental guidance
           Table 3 – Required level of independence of testers from developers
43         10 Practice 6 – Management of security-related issues
           10.1 Purpose
           10.2 DM-1: Receiving notifications of security-related issues
           10.2.1 Requirement
           10.2.2 Rationale and supplemental guidance
           10.3 DM-2: Reviewing security-related issues
           10.3.1 Requirement
44         10.3.2 Rationale and supplemental guidance
           10.4 DM-3: Assessing security-related issues
           10.4.1 Requirement
           10.4.2 Rationale and supplemental guidance
45         10.5 DM-4: Addressing security-related issues
           10.5.1 Requirement
           10.5.2 Rationale and supplemental guidance
46         10.6 DM-5: Disclosing security-related issues
           10.6.1 Requirement
           10.6.2 Rationale and supplemental guidance
47         10.7 DM-6: Periodic review of security defect management practice
           10.7.1 Requirement
           10.7.2 Rationale and supplemental guidance
           11 Practice 7 – Security update management
           11.1 Purpose
           11.2 SUM-1: Security update qualification
           11.2.1 Requirement
           11.2.2 Rationale and supplemental guidance
           11.3 SUM-2: Security update documentation
           11.3.1 Requirement
48         11.3.2 Rationale and supplemental guidance
           11.4 SUM-3: Dependent component or operating system security update documentation
           11.4.1 Requirement
           11.4.2 Rationale and supplemental guidance
           11.5 SUM-4: Security update delivery
           11.5.1 Requirement
           11.5.2 Rationale and supplemental guidance
49         11.6 SUM-5: Timely delivery of security patches
           11.6.1 Requirement
           11.6.2 Rationale and supplemental guidance
           12 Practice 8 – Security guidelines
           12.1 Purpose
           12.2 SG-1: Product defense in depth
           12.2.1 Requirement
50         12.2.2 Rationale and supplemental guidance
           12.3 SG-2: Defense in depth measures expected in the environment
           12.3.1 Requirement
           12.3.2 Rationale and supplemental guidance
           12.4 SG-3: Security hardening guidelines
           12.4.1 Requirement
51         12.4.2 Rationale and supplemental guidance
           12.5 SG-4: Secure disposal guidelines
           12.5.1 Requirement
           12.5.2 Rationale and supplemental guidance
           12.6 SG-5: Secure operation guidelines
           12.6.1 Requirement
52         12.6.2 Rationale and supplemental guidance
           12.7 SG-6: Account management guidelines
           12.7.1 Requirement
           12.7.2 Rationale and supplemental guidance
           12.8 SG-7: Documentation review
           12.8.1 Requirement
           12.8.2 Rationale and supplemental guidance
53         Annex A (informative) Possible metrics
55         Annex B (informative) Table of requirements
           Table B.1 – Summary of all requirements
57         Bibliography

Security for industrial automation and control systems – Secure product development lifecycle requirements

Published By  Publication Date  Number of Pages
BSI           2018              60