{"id":244868,"date":"2024-10-19T16:05:47","date_gmt":"2024-10-19T16:05:47","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/bs-en-iec-62443-4-22019\/"},"modified":"2024-10-25T11:05:23","modified_gmt":"2024-10-25T11:05:23","slug":"bs-en-iec-62443-4-22019","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/bsi\/bs-en-iec-62443-4-22019\/","title":{"rendered":"BS EN IEC 62443-4-2:2019"},"content":{"rendered":"<p>This part of <span class=\"std\"> <span class=\"std-ref\">IEC&nbsp;62443<\/span> <\/span> provides detailed technical control system component requirements (CRs) associated with the seven foundational requirements (FRs) described in <span class=\"std\"> <span class=\"std-ref\">IEC&nbsp;TS&nbsp;62443\u20111\u20111<\/span> <\/span> including defining the requirements for control system capability security levels and their components, SL-C(component).<\/p>\n<p>As defined in <span class=\"std\"> <span class=\"std-ref\">IEC&nbsp;TS&nbsp;62443\u20111\u20111<\/span> <\/span> there are a total of seven foundational requirements (FRs):<\/p>\n<ol style=\"list-style-type:lower-alpha\">\n<li>\n<p>identification and authentication control (IAC),<\/p>\n<\/li>\n<li>\n<p>use control (UC),<\/p>\n<\/li>\n<li>\n<p>system integrity (SI),<\/p>\n<\/li>\n<li>\n<p>data confidentiality (DC),<\/p>\n<\/li>\n<li>\n<p>restricted data flow (RDF),<\/p>\n<\/li>\n<li>\n<p>timely response to events (TRE), and<\/p>\n<\/li>\n<li>\n<p>resource availability (RA).<\/p>\n<\/li>\n<\/ol>\n<p>These seven FRs are the foundation for defining control system security capability levels. Defining security capability levels for the control system component is the goal and objective of this document as opposed to SL-T or achieved SLs (SL-A), which are out of scope.<\/p>\n<div class=\"non-normative-note\">\n<div class=\"note-label\">\n  NOTE&nbsp;1\n <\/div>\n<p>Refer to <span class=\"std\"> <span class=\"std-ref\">IEC&nbsp;62443\u20112\u20111<\/span> <\/span> <span class=\"xref\">[1]<\/span> for an equivalent set of non-technical, program-related, capability requirements necessary for fully achieving a SL-T(control system).<\/p>\n<\/div>\n<div class=\"non-normative-note\">\n<div class=\"note-label\">\n  NOTE&nbsp;2\n <\/div>\n<p>The trademarks and trade names mentioned in this document are given for the convenience of users of this document. This information does not constitute an endorsement by IEC of the products named.<\/p>\n<\/div>\n<h4>PDF Catalog<\/h4>\n<table border=\"1px\" class=\"des-table\">\n<tr>\n<th>PDF Pages<\/th>\n<th>PDF Title<\/th>\n<\/tr>\n<tr>\n<td><b>2<b><\/td>\n<td>undefined  <\/td>\n<\/tr>\n<tr>\n<td><b>5<b><\/td>\n<td>Annex ZA(normative)Normative references to international publicationswith their corresponding European publications  <\/td>\n<\/tr>\n<tr>\n<td><b>7<b><\/td>\n<td>English <br \/> CONTENTS  <\/td>\n<\/tr>\n<tr>\n<td><b>17<b><\/td>\n<td>FOREWORD  <\/td>\n<\/tr>\n<tr>\n<td><b>19<b><\/td>\n<td>INTRODUCTION  <\/td>\n<\/tr>\n<tr>\n<td><b>21<b><\/td>\n<td>Figure 1 \u2013 Parts of the IEC 62443 series  <\/td>\n<\/tr>\n<tr>\n<td><b>22<b><\/td>\n<td>1 Scope <br \/> 2 Normative references  <\/td>\n<\/tr>\n<tr>\n<td><b>23<b><\/td>\n<td>3 Terms, definitions, abbreviated terms, acronyms, and conventions <br \/> 3.1 Terms and definitions  <\/td>\n<\/tr>\n<tr>\n<td><b>29<b><\/td>\n<td>3.2 Abbreviated terms and acronyms  <\/td>\n<\/tr>\n<tr>\n<td><b>31<b><\/td>\n<td>3.3 Conventions  <\/td>\n<\/tr>\n<tr>\n<td><b>32<b><\/td>\n<td>4 Common component security constraints <br \/> 4.1 Overview <br \/> 4.2 CCSC 1: Support of essential functions <br \/> 4.3 CCSC 2: Compensating countermeasures <br \/> 4.4 CCSC 3: Least privilege <br \/> 4.5 CCSC 4: Software development process <br \/> 5 FR 1 \u2013 Identification and authentication control <br \/> 5.1 Purpose and SLC(IAC) descriptions   <\/td>\n<\/tr>\n<tr>\n<td><b>33<b><\/td>\n<td>5.2 Rationale <br \/> 5.3 CR 1.1 \u2013 Human user identification and authentication <br \/> 5.3.1 Requirement <br \/> 5.3.2 Rationale and supplemental guidance <br \/> 5.3.3 Requirement enhancements  <\/td>\n<\/tr>\n<tr>\n<td><b>34<b><\/td>\n<td>5.3.4 Security levels <br \/> 5.4 CR 1.2 \u2013 Software process and device identification and authentication <br \/> 5.4.1 Requirement <br \/> 5.4.2 Rationale and supplemental guidance <br \/> 5.4.3 Requirement enhancements  <\/td>\n<\/tr>\n<tr>\n<td><b>35<b><\/td>\n<td>5.4.4 Security levels <br \/> 5.5 CR 1.3 \u2013 Account management <br \/> 5.5.1 Requirement <br \/> 5.5.2 Rationale and supplemental guidance <br \/> 5.5.3 Requirement enhancements <br \/> 5.5.4 Security levels <br \/> 5.6 CR 1.4 \u2013 Identifier management  <br \/> 5.6.1 Requirement <br \/> 5.6.2 Rationale and supplemental guidance  <\/td>\n<\/tr>\n<tr>\n<td><b>36<b><\/td>\n<td>5.6.3 Requirement enhancements <br \/> 5.6.4 Security levels <br \/> 5.7 CR 1.5 \u2013 Authenticator management <br \/> 5.7.1 Requirement <br \/> 5.7.2 Rationale and supplemental guidance  <\/td>\n<\/tr>\n<tr>\n<td><b>37<b><\/td>\n<td>5.7.3 Requirement enhancements <br \/> 5.7.4 Security levels <br \/> 5.8 CR 1.6 \u2013 Wireless access management <br \/> 5.9 CR 1.7 \u2013 Strength of password-based authentication <br \/> 5.9.1 Requirement <br \/> 5.9.2 Rationale and supplemental guidance <br \/> 5.9.3 Requirement enhancements  <\/td>\n<\/tr>\n<tr>\n<td><b>38<b><\/td>\n<td>5.9.4 Security levels <br \/> 5.10 CR 1.8 \u2013 Public key infrastructure certificates <br \/> 5.10.1 Requirement <br \/> 5.10.2 Rationale and supplemental guidance <br \/> 5.10.3 Requirement enhancements <br \/> 5.10.4 Security levels  <\/td>\n<\/tr>\n<tr>\n<td><b>39<b><\/td>\n<td>5.11 CR 1.9 \u2013 Strength of public key-based authentication <br \/> 5.11.1 Requirement <br \/> 5.11.2 Rationale and supplemental guidance  <\/td>\n<\/tr>\n<tr>\n<td><b>40<b><\/td>\n<td>5.11.3 Requirement enhancements <br \/> 5.11.4 Security levels <br \/> 5.12 CR 1.10 \u2013 Authenticator feedback <br \/> 5.12.1 Requirement <br \/> 5.12.2 Rationale and supplemental guidance <br \/> 5.12.3 Requirement enhancements <br \/> 5.12.4 Security levels <br \/> 5.13 CR 1.11 \u2013 Unsuccessful login attempts <br \/> 5.13.1 Requirement  <\/td>\n<\/tr>\n<tr>\n<td><b>41<b><\/td>\n<td>5.13.2 Rationale and supplemental guidance <br \/> 5.13.3 Requirement enhancements <br \/> 5.13.4 Security levels <br \/> 5.14 CR 1.12 \u2013 System use notification <br \/> 5.14.1 Requirement <br \/> 5.14.2 Rationale and supplemental guidance <br \/> 5.14.3 Requirement enhancements  <\/td>\n<\/tr>\n<tr>\n<td><b>42<b><\/td>\n<td>5.14.4 Security levels <br \/> 5.15 CR 1.13 \u2013 Access via untrusted networks <br \/> 5.16 CR 1.14 \u2013 Strength of symmetric key-based authentication <br \/> 5.16.1 Requirement <br \/> 5.16.2 Rationale and supplemental guidance <br \/> 5.16.3 Requirement enhancements  <\/td>\n<\/tr>\n<tr>\n<td><b>43<b><\/td>\n<td>5.16.4 Security levels <br \/> 6 FR 2 \u2013 Use control <br \/> 6.1 Purpose and SLC(UC) descriptions <br \/> 6.2 Rationale <br \/> 6.3 CR 2.1 \u2013 Authorization enforcement <br \/> 6.3.1 Requirement <br \/> 6.3.2 Rationale and supplemental guidance  <\/td>\n<\/tr>\n<tr>\n<td><b>44<b><\/td>\n<td>6.3.3 Requirement enhancements <br \/> 6.3.4 Security levels  <\/td>\n<\/tr>\n<tr>\n<td><b>45<b><\/td>\n<td>6.4 CR 2.2 \u2013 Wireless use control <br \/> 6.4.1 Requirement <br \/> 6.4.2 Rationale and supplemental guidance <br \/> 6.4.3 Requirement enhancements <br \/> 6.4.4 Security levels <br \/> 6.5 CR 2.3 \u2013 Use control for portable and mobile devices <br \/> 6.6 CR 2.4 \u2013 Mobile code <br \/> 6.7 CR 2.5 \u2013 Session lock <br \/> 6.7.1 Requirement  <\/td>\n<\/tr>\n<tr>\n<td><b>46<b><\/td>\n<td>6.7.2 Rationale and supplemental guidance <br \/> 6.7.3 Requirement enhancements <br \/> 6.7.4 Security levels <br \/> 6.8 CR 2.6 \u2013 Remote session termination <br \/> 6.8.1 Requirement <br \/> 6.8.2 Rationale and supplemental guidance <br \/> 6.8.3 Requirement enhancements <br \/> 6.8.4 Security levels <br \/> 6.9 CR 2.7 \u2013 Concurrent session control <br \/> 6.9.1 Requirement  <\/td>\n<\/tr>\n<tr>\n<td><b>47<b><\/td>\n<td>6.9.2 Rationale and supplemental guidance <br \/> 6.9.3 Requirement enhancements <br \/> 6.9.4 Security levels <br \/> 6.10 CR 2.8 \u2013 Auditable events <br \/> 6.10.1 Requirement <br \/> 6.10.2 Rationale and supplemental guidance <br \/> 6.10.3 Requirement enhancements  <\/td>\n<\/tr>\n<tr>\n<td><b>48<b><\/td>\n<td>6.10.4 Security levels <br \/> 6.11 CR 2.9 \u2013 Audit storage capacity <br \/> 6.11.1 Requirement <br \/> 6.11.2 Rationale and supplemental guidance <br \/> 6.11.3 Requirement enhancements <br \/> 6.11.4 Security levels <br \/> 6.12 CR 2.10 \u2013 Response to audit processing failures <br \/> 6.12.1 Requirement  <\/td>\n<\/tr>\n<tr>\n<td><b>49<b><\/td>\n<td>6.12.2 Rationale and supplemental guidance <br \/> 6.12.3 Requirement enhancements <br \/> 6.12.4 Security levels <br \/> 6.13 CR 2.11 \u2013 Timestamps <br \/> 6.13.1 Requirement <br \/> 6.13.2 Rationale and supplemental guidance <br \/> 6.13.3 Requirement enhancements <br \/> 6.13.4 Security levels  <\/td>\n<\/tr>\n<tr>\n<td><b>50<b><\/td>\n<td>6.14 CR 2.12 \u2013 Non-repudiation <br \/> 6.14.1 Requirement <br \/> 6.14.2 Rationale and supplemental guidance <br \/> 6.14.3 Requirement enhancements <br \/> 6.14.4 Security levels <br \/> 6.15 CR 2.13 \u2013 Use of physical diagnostic and test interfaces <br \/> 7 FR 3 \u2013 System integrity <br \/> 7.1 Purpose and SLC(SI) descriptions  <\/td>\n<\/tr>\n<tr>\n<td><b>51<b><\/td>\n<td>7.2 Rationale <br \/> 7.3 CR 3.1 \u2013 Communication integrity <br \/> 7.3.1 Requirement <br \/> 7.3.2 Rationale and supplemental guidance  <\/td>\n<\/tr>\n<tr>\n<td><b>52<b><\/td>\n<td>7.3.3 Requirement enhancements <br \/> 7.3.4 Security levels <br \/> 7.4 CR 3.2 \u2013 Protection from malicious code <br \/> 7.5 CR 3.3 \u2013 Security functionality verification <br \/> 7.5.1 Requirement <br \/> 7.5.2 Rationale and supplemental guidance <br \/> 7.5.3 Requirement enhancements   <\/td>\n<\/tr>\n<tr>\n<td><b>53<b><\/td>\n<td>7.5.4 Security levels <br \/> 7.6 CR 3.4 \u2013 Software and information integrity <br \/> 7.6.1 Requirement <br \/> 7.6.2 Rationale and supplemental guidance <br \/> 7.6.3 Requirement enhancements <br \/> 7.6.4 Security levels <br \/> 7.7 CR 3.5 \u2013 Input validation <br \/> 7.7.1 Requirement  <\/td>\n<\/tr>\n<tr>\n<td><b>54<b><\/td>\n<td>7.7.2 Rationale and supplemental guidance <br \/> 7.7.3 Requirement enhancements <br \/> 7.7.4 Security levels <br \/> 7.8 CR 3.6 \u2013 Deterministic output <br \/> 7.8.1 Requirement <br \/> 7.8.2 Rationale and supplemental guidance <br \/> 7.8.3 Requirement enhancements  <\/td>\n<\/tr>\n<tr>\n<td><b>55<b><\/td>\n<td>7.8.4 Security levels <br \/> 7.9 CR 3.7 \u2013 Error handling <br \/> 7.9.1 Requirement <br \/> 7.9.2 Rationale and supplemental guidance <br \/> 7.9.3 Requirement enhancements <br \/> 7.9.4 Security levels <br \/> 7.10 CR 3.8 \u2013 Session integrity <br \/> 7.10.1 Requirement  <\/td>\n<\/tr>\n<tr>\n<td><b>56<b><\/td>\n<td>7.10.2 Rationale and supplemental guidance <br \/> 7.10.3 Requirement enhancements <br \/> 7.10.4 Security levels <br \/> 7.11  CR 3.9 \u2013 Protection of audit information <br \/> 7.11.1 Requirement <br \/> 7.11.2 Rationale and supplemental guidance <br \/> 7.11.3 Requirement enhancements <br \/> 7.11.4 Security levels  <\/td>\n<\/tr>\n<tr>\n<td><b>57<b><\/td>\n<td>7.12 CR 3.10 \u2013 Support for updates <br \/> 7.13 CR 3.11 \u2013 Physical tamper resistance and detection <br \/> 7.14 CR 3.12 \u2013 Provisioning product supplier roots of trust <br \/> 7.15 CR 3.13 \u2013 Provisioning asset owner roots of trust  <br \/> 7.16 CR 3.14 \u2013 Integrity of the boot process <br \/> 8 FR 4 \u2013 Data confidentiality <br \/> 8.1 Purpose and SLC(DC) descriptions <br \/> 8.2 Rationale <br \/> 8.3 CR 4.1 \u2013 Information confidentiality <br \/> 8.3.1 Requirement  <\/td>\n<\/tr>\n<tr>\n<td><b>58<b><\/td>\n<td>8.3.2 Rationale and supplemental guidance <br \/> 8.3.3 Requirement enhancements <br \/> 8.3.4 Security levels <br \/> 8.4 CR 4.2 \u2013 Information persistence <br \/> 8.4.1 Requirement <br \/> 8.4.2 Rationale and supplemental guidance <br \/> 8.4.3 Requirement enhancements  <\/td>\n<\/tr>\n<tr>\n<td><b>59<b><\/td>\n<td>8.4.4 Security levels <br \/> 8.5 CR 4.3 \u2013 Use of cryptography <br \/> 8.5.1 Requirement <br \/> 8.5.2 Rationale and supplemental guidance <br \/> 8.5.3 Requirement enhancements <br \/> 8.5.4 Security levels  <\/td>\n<\/tr>\n<tr>\n<td><b>60<b><\/td>\n<td>9 FR 5 \u2013 Restricted data flow <br \/> 9.1 Purpose and SLC(RDF) descriptions <br \/> 9.2 Rationale <br \/> 9.3 CR 5.1 \u2013 Network segmentation <br \/> 9.3.1 Requirement <br \/> 9.3.2 Rationale and supplemental guidance  <\/td>\n<\/tr>\n<tr>\n<td><b>61<b><\/td>\n<td>9.3.3 Requirement enhancements <br \/> 9.3.4 Security levels <br \/> 9.4 CR 5.2 \u2013 Zone boundary protection <br \/> 9.5 CR 5.3 \u2013 General-purpose person-to-person communication restrictions <br \/> 9.6 CR 5.4 \u2013 Application partitioning <br \/> 10 FR 6 \u2013 Timely response to events <br \/> 10.1 Purpose and SLC(TRE) descriptions  <\/td>\n<\/tr>\n<tr>\n<td><b>62<b><\/td>\n<td>10.2 Rationale <br \/> 10.3 CR 6.1 \u2013 Audit log accessibility <br \/> 10.3.1 Requirement <br \/> 10.3.2 Rationale and supplemental guidance <br \/> 10.3.3 Requirement enhancements <br \/> 10.3.4 Security levels <br \/> 10.4 CR 6.2 \u2013 Continuous monitoring <br \/> 10.4.1 Requirement <br \/> 10.4.2 Rationale and supplemental guidance  <\/td>\n<\/tr>\n<tr>\n<td><b>63<b><\/td>\n<td>10.4.3 Requirement enhancements <br \/> 10.4.4 Security levels <br \/> 11 FR 7 \u2013 Resource availability <br \/> 11.1 Purpose and SLC(RA) descriptions <br \/> 11.2 Rationale  <\/td>\n<\/tr>\n<tr>\n<td><b>64<b><\/td>\n<td>11.3 CR 7.1 \u2013 Denial of service protection <br \/> 11.3.1 Requirement <br \/> 11.3.2 Rationale and supplemental guidance <br \/> 11.3.3 Requirement enhancements <br \/> 11.3.4 Security levels <br \/> 11.4 CR 7.2 \u2013 Resource management <br \/> 11.4.1 Requirement <br \/> 11.4.2 Rationale and supplemental guidance <br \/> 11.4.3 Requirement enhancements <br \/> 11.4.4 Security levels  <\/td>\n<\/tr>\n<tr>\n<td><b>65<b><\/td>\n<td>11.5 CR 7.3 \u2013 Control system backup <br \/> 11.5.1 Requirement <br \/> 11.5.2 Rationale and supplemental guidance <br \/> 11.5.3 Requirement enhancements <br \/> 11.5.4 Security levels <br \/> 11.6 CR 7.4 \u2013 Control system recovery and reconstitution <br \/> 11.6.1 Requirement <br \/> 11.6.2 Rationale and supplemental guidance <br \/> 11.6.3 Requirement enhancements  <\/td>\n<\/tr>\n<tr>\n<td><b>66<b><\/td>\n<td>11.6.4 Security levels <br \/> 11.7 CR 7.5 \u2013 Emergency power <br \/> 11.8 CR 7.6 \u2013 Network and security configuration settings <br \/> 11.8.1 Requirement <br \/> 11.8.2 Rationale and supplemental guidance <br \/> 11.8.3 Requirement enhancements <br \/> 11.8.4 Security levels <br \/> 11.9 CR 7.7 \u2013 Least functionality <br \/> 11.9.1 Requirement <br \/> 11.9.2 Rationale and supplemental guidance  <\/td>\n<\/tr>\n<tr>\n<td><b>67<b><\/td>\n<td>11.9.3 Requirement enhancements <br \/> 11.9.4 Security levels <br \/> 11.10 CR 7.8 \u2013 Control system component inventory <br \/> 11.10.1 Requirement <br \/> 11.10.2 Rationale and supplemental guidance <br \/> 11.10.3 Requirement enhancements <br \/> 11.10.4 Security levels <br \/> 12 Software application requirements <br \/> 12.1 Purpose <br \/> 12.2 SAR 2.4 \u2013 Mobile code <br \/> 12.2.1 Requirement  <\/td>\n<\/tr>\n<tr>\n<td><b>68<b><\/td>\n<td>12.2.2 Rationale and supplemental guidance <br \/> 12.2.3 Requirement enhancements <br \/> 12.2.4 Security levels <br \/> 12.3 SAR 3.2 \u2013 Protection from malicious code <br \/> 12.3.1 Requirement <br \/> 12.3.2 Rationale and supplemental guidance <br \/> 12.3.3 Requirement enhancements <br \/> 12.3.4 Security levels  <\/td>\n<\/tr>\n<tr>\n<td><b>69<b><\/td>\n<td>13 Embedded device requirements <br \/> 13.1 Purpose <br \/> 13.2 EDR 2.4 \u2013 Mobile code <br \/> 13.2.1 Requirement <br \/> 13.2.2 Rationale and supplemental guidance <br \/> 13.2.3 Requirement enhancements <br \/> 13.2.4 Security levels <br \/> 13.3 EDR 2.13 \u2013 Use of physical diagnostic and test interfaces <br \/> 13.3.1 Requirement   <\/td>\n<\/tr>\n<tr>\n<td><b>70<b><\/td>\n<td>13.3.2 Rationale and supplemental guidance <br \/> 13.3.3 Requirement enhancements <br \/> 13.3.4 Security levels <br \/> 13.4 EDR 3.2 \u2013 Protection from malicious code <br \/> 13.4.1 Requirement <br \/> 13.4.2 Rationale and supplemental guidance  <\/td>\n<\/tr>\n<tr>\n<td><b>71<b><\/td>\n<td>13.4.3 Requirement enhancements <br \/> 13.4.4 Security levels <br \/> 13.5 EDR 3.10 \u2013 Support for updates <br \/> 13.5.1 Requirement <br \/> 13.5.2 Rationale and supplemental guidance <br \/> 13.5.3 Requirement enhancements <br \/> 13.5.4 Security levels <br \/> 13.6 EDR 3.11 \u2013 Physical tamper resistance and detection <br \/> 13.6.1 Requirement <br \/> 13.6.2 Rationale and supplemental guidance  <\/td>\n<\/tr>\n<tr>\n<td><b>72<b><\/td>\n<td>13.6.3 Requirement enhancements <br \/> 13.6.4 Security levels <br \/> 13.7 EDR 3.12 \u2013 Provisioning product supplier roots of trust <br \/> 13.7.1 Requirement <br \/> 13.7.2  Rationale and supplemental guidance <br \/> 13.7.3 Requirement enhancements  <\/td>\n<\/tr>\n<tr>\n<td><b>73<b><\/td>\n<td>13.7.4 Security levels <br \/> 13.8 EDR 3.13 \u2013 Provisioning asset owner roots of trust <br \/> 13.8.1 Requirement <br \/> 13.8.2 Rationale and supplemental guidance <br \/> 13.8.3 Requirement enhancements <br \/> 13.8.4 Security levels  <\/td>\n<\/tr>\n<tr>\n<td><b>74<b><\/td>\n<td>13.9 EDR 3.14 \u2013 Integrity of the boot process <br \/> 13.9.1 Requirement <br \/> 13.9.2 Rationale and supplemental guidance <br \/> 13.9.3 Requirement enhancements <br \/> 13.9.4 Security levels <br \/> 14 Host device requirements <br \/> 14.1 Purpose <br \/> 14.2 HDR 2.4 \u2013 Mobile code <br \/> 14.2.1 Requirement  <\/td>\n<\/tr>\n<tr>\n<td><b>75<b><\/td>\n<td>14.2.2 Rationale and supplemental guidance <br \/> 14.2.3 Requirement enhancements <br \/> 14.2.4 Security levels <br \/> 14.3 HDR 2.13 \u2013 Use of physical diagnostic and test interfaces <br \/> 14.3.1 Requirement  <br \/> 14.3.2 Rationale and supplemental guidance  <\/td>\n<\/tr>\n<tr>\n<td><b>76<b><\/td>\n<td>14.3.3 Requirement enhancements <br \/> 14.3.4 Security levels <br \/> 14.4 HDR 3.2 \u2013 Protection from malicious code <br \/> 14.4.1 Requirement <br \/> 14.4.2 Rationale and supplemental guidance <br \/> 14.4.3 Requirement enhancements <br \/> 14.4.4 Security levels <br \/> 14.5 HDR 3.10 \u2013 Support for updates <br \/> 14.5.1 Requirement <br \/> 14.5.2 Rationale and supplemental guidance  <\/td>\n<\/tr>\n<tr>\n<td><b>77<b><\/td>\n<td>14.5.3 Requirement enhancements <br \/> 14.5.4 Security levels <br \/> 14.6 HDR 3.11 \u2013 Physical tamper resistance and detection <br \/> 14.6.1 Requirement <br \/> 14.6.2 Rationale and supplemental guidance <br \/> 14.6.3 Requirement enhancements <br \/> 14.6.4 Security levels  <\/td>\n<\/tr>\n<tr>\n<td><b>78<b><\/td>\n<td>14.7 HDR 3.12 \u2013 Provisioning product supplier roots of trust <br \/> 14.7.1 Requirement <br \/> 14.7.2  Rationale and supplemental guidance <br \/> 14.7.3 Requirement enhancements <br \/> 14.7.4 Security levels <br \/> 14.8 HDR 3.13 \u2013 Provisioning asset owner roots of trust <br \/> 14.8.1 Requirement <br \/> 14.8.2 Rationale and supplemental guidance  <\/td>\n<\/tr>\n<tr>\n<td><b>79<b><\/td>\n<td>14.8.3 Requirement enhancements <br \/> 14.8.4 Security levels <br \/> 14.9 HDR 3.14 \u2013 Integrity of the boot process <br \/> 14.9.1 Requirement <br \/> 14.9.2 Rationale and supplemental guidance <br \/> 14.9.3 Requirement enhancements  <\/td>\n<\/tr>\n<tr>\n<td><b>80<b><\/td>\n<td>14.9.4 Security levels <br \/> 15 Network device requirements <br \/> 15.1 Purpose <br \/> 15.2 NDR 1.6 \u2013 Wireless access management <br \/> 15.2.1 Requirement <br \/> 15.2.2 Rationale and supplemental guidance <br \/> 15.2.3 Requirement enhancements <br \/> 15.2.4 Security levels <br \/> 15.3 NDR 1.13 \u2013 Access via untrusted networks <br \/> 15.3.1 Requirement  <\/td>\n<\/tr>\n<tr>\n<td><b>81<b><\/td>\n<td>15.3.2 Rationale and supplemental guidance <br \/> 15.3.3 Requirement enhancements <br \/> 15.3.4 Security levels <br \/> 15.4 NDR 2.4 \u2013 Mobile code <br \/> 15.4.1 Requirement <br \/> 15.4.2 Rationale and supplemental guidance  <\/td>\n<\/tr>\n<tr>\n<td><b>82<b><\/td>\n<td>15.4.3 Requirement enhancements <br \/> 15.4.4 Security levels <br \/> 15.5 NDR 2.13 \u2013 Use of physical diagnostic and test interfaces <br \/> 15.5.1 Requirement  <br \/> 15.5.2 Rationale and supplemental guidance <br \/> 15.5.3 Requirement enhancements  <\/td>\n<\/tr>\n<tr>\n<td><b>83<b><\/td>\n<td>15.5.4 Security levels <br \/> 15.6 NDR 3.2 \u2013 Protection from malicious code <br \/> 15.6.1 Requirement <br \/> 15.6.2 Rationale and supplemental guidance <br \/> 15.6.3 Requirement enhancements <br \/> 15.6.4 Security levels <br \/> 15.7 NDR 3.10 \u2013 Support for updates <br \/> 15.7.1 Requirement <br \/> 15.7.2 Rationale and supplemental guidance <br \/> 15.7.3 Requirement enhancements  <\/td>\n<\/tr>\n<tr>\n<td><b>84<b><\/td>\n<td>15.7.4 Security levels <br \/> 15.8 NDR 3.11 \u2013 Physical tamper resistance and detection <br \/> 15.8.1 Requirement <br \/> 15.8.2 Rationale and supplemental guidance <br \/> 15.8.3 Requirement enhancements <br \/> 15.8.4 Security levels <br \/> 15.9 NDR 3.12 \u2013 Provisioning product supplier roots of trust <br \/> 15.9.1 Requirement  <\/td>\n<\/tr>\n<tr>\n<td><b>85<b><\/td>\n<td>15.9.2 Rationale and supplemental guidance <br \/> 15.9.3 Requirement enhancements <br \/> 15.9.4 Security levels <br \/> 15.10 NDR 3.13 \u2013 Provisioning asset owner roots of trust <br \/> 15.10.1 Requirement <br \/> 15.10.2 Rationale and supplemental guidance  <\/td>\n<\/tr>\n<tr>\n<td><b>86<b><\/td>\n<td>15.10.3 Requirement enhancements <br \/> 15.10.4 Security levels <br \/> 15.11 NDR 3.14 \u2013 Integrity of the boot process <br \/> 15.11.1 Requirement <br \/> 15.11.2 Rationale and supplemental guidance <br \/> 15.11.3 Requirement enhancements  <\/td>\n<\/tr>\n<tr>\n<td><b>87<b><\/td>\n<td>15.11.4 Security levels <br \/> 15.12 NDR 5.2 \u2013 Zone boundary protection <br \/> 15.12.1 Requirement <br \/> 15.12.2 Rationale and supplemental guidance <br \/> 15.12.3 Requirement enhancements <br \/> 15.12.4 Security levels  <\/td>\n<\/tr>\n<tr>\n<td><b>88<b><\/td>\n<td>15.13 NDR 5.3 \u2013 General purpose, person-to-person communication restrictions <br \/> 15.13.1 Requirement <br \/> 15.13.2 Rationale and supplemental guidance <br \/> 15.13.3 Requirement enhancements <br \/> 15.13.4 Security levels  <\/td>\n<\/tr>\n<tr>\n<td><b>89<b><\/td>\n<td>Annex A (informative)Device categories <br \/> A.1 General <br \/> A.2 Device category: embedded device  <br \/> A.2.1 Programmable logic controller (PLC) <br \/> A.2.2 Intelligent electronic device (IED)  <\/td>\n<\/tr>\n<tr>\n<td><b>90<b><\/td>\n<td>A.3 Device category: network device  <br \/> A.3.1 Switch <br \/> A.3.2 Virtual private network (VPN) terminator <br \/> A.4 Device category: host device\/application  <br \/> A.4.1 Operator workstation  <\/td>\n<\/tr>\n<tr>\n<td><b>91<b><\/td>\n<td>A.4.2 Data historian  <\/td>\n<\/tr>\n<tr>\n<td><b>92<b><\/td>\n<td>Annex B (informative)Mapping of CRs and REs to FR SLs 1-4 <br \/> B.1 Overview <br \/> B.2 SL mapping table  <\/td>\n<\/tr>\n<tr>\n<td><b>93<b><\/td>\n<td>Table B.1 \u2013 Mapping of CRs and REs to FR SL levels 1-4  <\/td>\n<\/tr>\n<tr>\n<td><b>98<b><\/td>\n<td>Bibliography  <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p><b>Security for industrial automation and control systems &#8211; Technical security requirements for IACS components<\/b><\/p>\n<table class=\"shortdes-table\" style=\"width: 100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td>Published By<\/td>\n<td>Publication Date<\/td>\n<td>Number of Pages<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/pdfstandards.shop\/product-category\/publishers\/bsi\/\"><b>BSI<\/b><\/a><\/td>\n<td>2019<\/td>\n<td>100<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"featured_media":244875,"template":"","meta":{"rank_math_lock_modified_date":false,"ep_exclude_from_search":false},"product_cat":[385,2641],"product_tag":[],"class_list":{"0":"post-244868","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-25-040-40","7":"product_cat-bsi","9":"first","10":"instock","11":"sold-individually","12":"shipping-taxable","13":"purchasable","14":"product-type-simple"},"_links":{"self":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product\/244868","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media\/244875"}],"wp:attachment":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media?parent=244868"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_cat?post=244868"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_tag?post=244868"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}