IEC/PAS 62443-3-2008
工业过程的测量和控制用安全.网络和系统安全

Security for industrial process measurement and control - Network and system security


IEC/PAS 62443-3-2008 发布历史

This PAS establishes a framework for securing information and communication technology aspects of industrial process measurement and control systems including its networks and devices on those networks, during the operational phase of the plant’s life cycle. This PAS provides guidance on a plant’s operational security requirements and is primarily intended for automation system owners/operators (responsible for ICS operation) Furthermore, the operational requirements of this PAS may interest ICS stakeholders such as: a) automation system designers; b) manufacturers (vendors) of devices, subsystems, and systems; c) integrators of subsystems and systems. The PAS allows for the following concerns: • graceful migration/evolution of existing systems; • meeting security objectives with existing COTS technologies and products; • assurance of reliability/availability of the secured communications services; • applicability to systems of any size and risk (scalability); • coexistence of safety, legal and regulatory and automation functionality requirements with security requirements. NOTE 1 Plants and systems may contain safety critical components and devices. Any safety-related security components may be subject to certification based on IEC 61508 and according to the SILs therein. This PAS does not guarantee that its specifications are all or in part appropriate or sufficient for the security of such safety critical components and devices. NOTE 2 This PAS does not include requirements for security assurance evaluation and testing. NOTE 3 The measures provided by this PAS are rather process-based and general in nature than technically specific or prescriptive in terms of technical countermeasures and configurations. NOTE 4 The procedures of this PAS are written with the plant owner/operator's mind set. NOTE 5 This PAS does not cover the concept, design and implementation live cycle processes, i.e. requirements on control equipment manufacturer's future product development cycle. NOTE 6 This PAS does not cover the integration of components and subsystems into a system. NOTE 7 This PAS does not cover procurement for integration into an existing system, i.e. procurement requirements for owner/operators of a plant. NOTE 8 This PAS will be extended into a 3-part International Standard to cover most of the restrictions expressed in the previous notes; for the planned scope of the extended standards, refer to Annex A.

IEC/PAS 62443-3-2008由国际电工委员会 IX-IEC 发布于 2008-01。

IEC/PAS 62443-3-2008 在中国标准分类中归属于: N10 工业自动化与控制装置综合,在国际标准分类中归属于: 25.040.40 工业过程的测量和控制,35.040 字符集和信息编码,35.110 网络,35.240.50 信息技术在工业中的应用。

IEC/PAS 62443-3-2008 发布之时,引用了标准

  • ISO/IEC 15408 信息技术——安全技术——IT安全评估标准第3部分:安全保证组件*2008-08-19 更新
  • ISO/IEC 27002-2005 信息技术 安全技术 信息安全管理实施规程
  • ISO/IEC Guide 73-2002 风险管理.词汇.标准使用指南*2022-07-18 更新

* 在 IEC/PAS 62443-3-2008 发布之后有更新,请注意新发布标准的变化。

IEC/PAS 62443-3-2008的历代版本如下:

 

 

非常抱歉,我们暂时无法提供预览,您可以试试: 免费下载 IEC/PAS 62443-3-2008 前三页,或者稍后再访问。

点击下载后,生成下载文件时间比较长,请耐心等待......

 



标准号
IEC/PAS 62443-3-2008
发布日期
2008年01月
实施日期
废止日期
中国标准分类号
N10
国际标准分类号
25.040.40;35.040;35.110;35.240.50
发布单位
IX-IEC
引用标准
ISO/IEC 15408 ISO/IEC 27002-2005 ISO/IEC Guide 73-2002
适用范围
This PAS establishes a framework for securing information and communication technology aspects of industrial process measurement and control systems including its networks and devices on those networks, during the operational phase of the plant’s life cycle. This PAS provides guidance on a plant’s operational security requirements and is primarily intended for automation system owners/operators (responsible for ICS operation) Furthermore, the operational requirements of this PAS may interest ICS stakeholders such as: a) automation system designers; b) manufacturers (vendors) of devices, subsystems, and systems; c) integrators of subsystems and systems. The PAS allows for the following concerns: • graceful migration/evolution of existing systems; • meeting security objectives with existing COTS technologies and products; • assurance of reliability/availability of the secured communications services; • applicability to systems of any size and risk (scalability); • coexistence of safety, legal and regulatory and automation functionality requirements with security requirements. NOTE 1 Plants and systems may contain safety critical components and devices. Any safety-related security components may be subject to certification based on IEC 61508 and according to the SILs therein. This PAS does not guarantee that its specifications are all or in part appropriate or sufficient for the security of such safety critical components and devices. NOTE 2 This PAS does not include requirements for security assurance evaluation and testing. NOTE 3 The measures provided by this PAS are rather process-based and general in nature than technically specific or prescriptive in terms of technical countermeasures and configurations. NOTE 4 The procedures of this PAS are written with the plant owner/operator's mind set. NOTE 5 This PAS does not cover the concept, design and implementation live cycle processes, i.e. requirements on control equipment manufacturer's future product development cycle. NOTE 6 This PAS does not cover the integration of components and subsystems into a system. NOTE 7 This PAS does not cover procurement for integration into an existing system, i.e. procurement requirements for owner/operators of a plant. NOTE 8 This PAS will be extended into a 3-part International Standard to cover most of the restrictions expressed in the previous notes; for the planned scope of the extended standards, refer to Annex A.




Copyright ©2007-2022 ANTPEDIA, All Rights Reserved
京ICP备07018254号 京公网安备1101085018 电信与信息服务业务经营许可证:京ICP证110310号