IEC 62443
What is IEC 62443?
The IEC family of standards for the cybersecurity of industrial automation and control systems, addressing asset owners, integrators, and product suppliers.
IEC 62443 is the leading international standard family for industrial automation and control system (IACS) cybersecurity, published jointly by the IEC and ISA. It is structured into four parts — General (62443-1-x), Policies and Procedures (62443-2-x), System (62443-3-x), and Component (62443-4-x) — and defines roles for asset owners, system integrators, and product suppliers. Core concepts include zones and conduits, the seven Foundational Requirements (FR1-FR7), and Security Levels (SL 1-4) that scale with adversary capability. IEC 62443-2-1 covers OT cybersecurity management systems; 62443-3-3 defines system requirements; 62443-4-1 and 4-2 cover secure product development lifecycle and component requirements respectively. It is widely referenced in regulations such as NIS2 and is the de facto baseline for industrial security audits.
● Examples
- 01: A power utility designing its DCS network as IEC 62443 zones and conduits with documented Security Levels.
- 02: A PLC vendor certifying its product line to IEC 62443-4-1 and 4-2 for export tenders.
● Frequently asked questions
What is IEC 62443?
The IEC family of standards for the cybersecurity of industrial automation and control systems, addressing asset owners, integrators, and product suppliers. It belongs to the OT / ICS / IoT category of cybersecurity.
What are other names for IEC 62443?
Common alternative names include: ISA/IEC 62443, ANSI/ISA-62443.
● Related terms
- Industrial Control System (ICS) (ot-iot): An umbrella term for systems that automate and supervise industrial processes, including SCADA, DCS, PLCs, RTUs, and safety controllers.
- Operational Technology (OT) (ot-iot): Hardware and software that monitor and control physical processes, devices, and infrastructure such as factories, power plants, and utilities.
- Purdue Enterprise Reference Architecture (ot-iot): A layered reference model for industrial networks that segments business IT from process control, widely used to design ICS network segmentation.
- Safety Instrumented System (SIS) (ot-iot): An independent control system that brings a process to a safe state when monitored variables exceed defined limits, protecting people, the environment, and assets.
- Network Segmentation (network-security): The practice of splitting a network into multiple zones with controlled traffic between them to contain breaches and enforce least privilege.
- SCADA (ot-iot): Supervisory Control and Data Acquisition systems that gather telemetry from remote field devices and let operators monitor and command large industrial processes.
● See also
- Modbus
- PROFINET
- DNP3
- OPC UA
- TRITON / TRISIS
- Cyber-Physical System (CPS)