PD IEC/TR 62443-2-3:2015 - Security for industrial automation and control systems. Patch management in the IACS environment

PD IEC/TR 62443-2-3:2015

Security for industrial automation and control systems. Patch management in the IACS environment

Status : Current   Published : July 2015

Format
PDF

Format
HARDCOPY



This part of This part of IEC 62443, which is a Technical Report, describes requirements for asset owners and industrial automation and control system (IACS) product suppliers that have established and are now maintaining an IACS patch management program.

This Technical Report recommends a defined format for the distribution of information about security patches from asset owners to IACS product suppliers, a definition of some of the activities associated with the development of the patch information by IACS product suppliers and deployment and installation of the patches by asset owners. The exchange format and activities are defined for use in security related patches; however, it may also be applicable for non-security related patches or updates.

The Technical Report does not differentiate between patches made available for the operating systems (OSs), applications or devices. It does not differentiate between the product suppliers that supply the infrastructure components or the IACS applications; it provides guidance for all patches applicable to the IACS. Additionally, the type of patch can be for the resolution of bugs, reliability issues, operability issues or security vulnerabilities.

NOTE 1

This Technical Report does not provide guidance on the ethics and approaches for the discovery and disclosure of security vulnerabilities affecting IACS. This is a general issue outside the scope of this report.

NOTE 2

This Technical Report does not provide guidance on the mitigation of vulnerabilities in the period between when the vulnerability is discovered and the date that the patch resolving the vulnerability is created. For guidance on multiple countermeasures to mitigate security risks as part of an IACS security management system (IACS-SMS), refer to, Annexes B.4.5, B.4.6 and B.8.5 in this Technical Report and other documents in the IEC 62443 series.




Standard NumberPD IEC/TR 62443-2-3:2015
TitleSecurity for industrial automation and control systems. Patch management in the IACS environment
StatusCurrent
Publication Date31 July 2015
Normative References(Required to achieve compliance to this standard)IEC 62443-2-1, IEC TS 62443-1-1
Informative References(Provided for Information)IEC 62443-2-1, ECE/TRADE/C/CEFACT/2009/24, IEC 62443-2-4, ISO 8601:2004, ISO 3166-1:2006, ISO 3166-2:2007, ISO 4217:2008, IEC 62443-4-1, ISO 639-1:2002, ECE/TRADE/C/CEFACT/2009/25
International RelationshipsIEC TR 62443-2-3:2015
DescriptorsData security, Industrial, Risk assessment, Communication networks, Access control (data), Data processing, Information exchange, Management, Data storage protection, Security, Process control, Computer networks, Control systems, Automatic control systems
ICS25.040.40
35.030
35.040.40
35.100.01
35.100.05
CommitteeGEL/65
ISBN978 0 580 83544 5
PublisherBSI
FormatA4
DeliveryYes
Pages66
File Size2.284 MB
Price£254.00


 Your basket
Your basket is empty

Multi-user access to over 3,500 medical device standards, regulations, expert commentaries and other documents


Develop a PAS

Develop a fast-track standardization document in 9-12 months


BSOL

The faster, easier way to work with standards


Tracked Changes

Understand the changes made to a standard with our new Tracked Changes version


Customers who bought this product also bought

  • IEC TR 62443-3-1:2009
    Industrial communication networks. Network and system security Part 3-1: Security technologies for industrial automation and control systems
  • DD IEC/PAS 62443-3:2008
    Security for industrial process measurement and control Network and system security
  • BS EN IEC 62443-4-1:2018
    Security for industrial automation and control systems Secure product development lifecycle requirements
  • IEC TS 62443-1-1:2009
    Industrial communication networks. Network and system security Part 1-1: Terminology, concepts and models