Question:
What are the seven foundational requirements (FRs) of IEC TS 62443-1-1?
Answer:
The IEC TS 62443-1-1 standard defines seven Foundational Requirements (FRs) for industrial automation and control systems (IACS) security programs, which are as follows:
- Identification and authentication control: It involves verifying the identity of users or devices attempting to access IACS networks and resources.
- Use control: It requires that access to IACS resources should only be granted based on the need-to-know and least privilege principles.
- Confidentiality: It involves protecting sensitive and confidential information from unauthorized access, disclosure, and modification.
- Integrity: It requires ensuring the accuracy and completeness of IACS data and preventing unauthorized modification or destruction of the data.
- Availability: It involves ensuring that IACS resources and services are available when needed, and recovering promptly from failures or disruptions.
- Security management: It requires implementing a systematic and comprehensive approach to IACS security management, including policies, procedures, and controls.
- System security: It involves implementing technical controls to protect IACS networks and systems from cybersecurity threats and vulnerabilities.
IEC 62443-1-1 appears to describe the structure and basic principles of the entire IEC 62443 series of standards, including principles for functional requirements. The various standards set requirements for organization, working methods, and product properties. IEC 62443-3-3 and IEC 62443-4-2 appear to be the ones that focus most on the end product's properties with respect to cyber security.