Industrial Cybersecurity Standards
IACS security standards for networked industrial automation and control systems. IEC 62443 is the primary international series.
Quick Routing
Networked PLC or controller? → IEC 62443-3-3 (Zone/Conduit + SL design)
Asset Owner — need a security program? → IEC 62443-2-1 (CSMS)
Buying or certifying a product? → IEC 62443-4-2 (component requirements)
Developing safety PLC software? → IEC 62443-4-1 (secure development lifecycle)
Safety system with network interface? → IEC 62443 + IEC 61511 (or IEC 62061)
IEC 62443 Series
| Standard | Scope | Status |
|---|---|---|
| IEC 62443 (full page) | IACS security — Zone/Conduit, Security Levels, FRs, lifecycle | Phase 5 Complete |
| IEC 62443-2-1 | Security management system (CSMS) | Covered in IEC 62443 page |
| IEC 62443-3-3 | System security requirements and SL levels | Covered in IEC 62443 page |
| IEC 62443-4-1 | Secure product development lifecycle | Covered in IEC 62443 page |
| IEC 62443-4-2 | Component security requirements | Covered in IEC 62443 page |
Relationship to Functional Safety
Cybersecurity and functional safety are separate but interdependent disciplines for networked safety systems:
- IEC 61511:2016 requires a cybersecurity risk assessment for safety instrumented systems.
- IEC 62061 does not explicitly mandate a cybersecurity assessment but the principle that a safety function must not be defeated by a foreseeable means applies.
- A successful cyberattack on a safety system is a safety hazard — the cybersecurity Zone/Conduit design must protect the safety function as well as the system.
| See also | Link |
|---|---|
| Networked Safety PLC scenario | Scenario 04 |
| Software Stack and routing guide | Software Stack |
| Functional safety family | Functional Safety |
Out-of-Scope for This Corpus
| Topic | Status |
|---|---|
| IEC 60079 (hazardous area) | NOT CONFIRMED IN CORPUS |
| NIST SP 800-82 (US OT security guide) | NOT IN CORPUS |
| NERC CIP (electric utility cybersecurity) | NOT IN CORPUS |
| ISA/IEC 62443 certification schemes | NOT IN CORPUS — verify against ISASecure and TÜV certification bodies |
This site is a personal-use paraphrase and navigation reference for industrial automation standards. It is not a substitute for authoritative standards documents, professional engineering judgment, or legal review. All content is sourced from a local RAG corpus and has not been independently verified against current published editions.
Items marked TO VERIFY have limited or unconfirmed local coverage. Items marked NOT IN CORPUS are not covered in the local repository. Do not rely on this site for compliance determinations, safety-critical design decisions, or legal interpretation.