Mapping ISO to IEC 62443

Most cyber risks and incidents are associated with the compromise of endpoints and commodity systems: HMIs, historians, Active Directory servers, engineering workstations (EWS), and technician laptops. Treating cyber risk down to a level the organization can tolerate therefore means securing these endpoints themselves, not merely monitoring network traffic. The IEC 62443 standards give high-level, concentrated guidance, but compared with the technical requirements in NIST Special Publications they are less explicit, because 62443 was designed to be agnostic and applicable across many industries.

Many of the 62443 foundational requirements (FRs) and system requirements (SRs) are already present in a typical cybersecurity program, or can be refocused on endpoints and fulfilled with technology. Security posture degrades continuously, and audits and remediation consume resources, but security controls can be implemented and monitored per asset so that OT systems management (OTSM) teams get ahead of the problem where possible, using the right tooling.

This session covers mapping endpoint security capabilities to those outlined in the 62443 FR and SR families, using multiple products to tie FRs and SRs together, and gaining visibility into gaps, security level (SL) variances and the like through a centralized platform strategy that lets teams act.

During this presentation, you will learn:

  • An introduction to the 62443 FRs and SRs with respect to endpoint security
  • A mapping of FRs and SRs to the various capabilities and products available
  • An example of an HMI “blueprint” with a specific target security level (SL-T)
  • An example illustrating the variance between the achieved security level (SL-A) and the desired SL-T, surfaced through a compliance strategy
  • An example dashboard report showing overall results as a feedback loop for your cyber security management system (CSMS)
  • Next steps to expanding this concept
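As an added illustration of the SL-T versus SL-A variance and the dashboard roll-up described in the bullets above (this is example code written for this page, not material from the session or from any product it refers to), the Python below assesses a few constructed HMI endpoints against a hypothetical blueprint. The seven FRs are those of IEC 62443-3-3; the blueprint's control labels, its SL-T values and the sample asset inventory are assumptions made for the example, not SRs from the standard or results of any real assessment.

```python
"""Added example (not from the session or any product it discusses): compute
SL-T vs SL-A variance per IEC 62443-3-3 foundational requirement for OT endpoints
assessed against a constructed HMI blueprint."""
from __future__ import annotations

# The seven foundational requirements of IEC 62443-3-3.
FR_NAMES = {
    "FR1": "Identification and authentication control",
    "FR2": "Use control",
    "FR3": "System integrity",
    "FR4": "Data confidentiality",
    "FR5": "Restricted data flow",
    "FR6": "Timely response to events",
    "FR7": "Resource availability",
}

# Constructed HMI blueprint (hypothetical, for illustration only). For each FR it
# names the endpoint controls an asset must evidence to claim each SL. Levels are
# cumulative: claiming SL 2 also requires every SL 1 control. The control labels
# are this example's own, not SR identifiers from the standard.
HMI_BLUEPRINT: dict[str, dict[int, set[str]]] = {
    "FR1": {1: {"unique_accounts"}, 2: {"account_lockout"}, 3: {"mfa_interactive_login"}},
    "FR2": {1: {"least_privilege_roles"}, 2: {"session_lock"}, 3: {"application_allowlisting"}},
    "FR3": {1: {"endpoint_protection"}, 2: {"patch_baseline", "file_integrity_monitoring"}},
    "FR4": {1: {"removable_media_encryption"}, 2: {"tls_to_historian"}},
    "FR5": {1: {"host_firewall"}, 2: {"zone_conduit_rules"}},
    "FR6": {1: {"local_audit_log"}, 2: {"central_log_forwarding"}},
    "FR7": {1: {"config_backup"}, 2: {"tested_restore"}},
}

# Constructed SL-T per FR for the HMI zone (illustrative values).
HMI_SL_T: dict[str, int] = {"FR1": 2, "FR2": 3, "FR3": 2, "FR4": 1, "FR5": 2, "FR6": 2, "FR7": 2}


def controls_required(sl_t: dict[str, int], blueprint=HMI_BLUEPRINT) -> set[str]:
    """Every control the blueprint demands to reach SL-T on all FRs."""
    return {c for fr, target in sl_t.items()
            for sl, controls in blueprint[fr].items() if sl <= target
            for c in controls}


def achieved_sl(fr: str, controls: set[str], blueprint=HMI_BLUEPRINT) -> int:
    """SL-A for one FR: the highest level whose controls, and those of every
    lower level, are all present. A gap at a lower level caps SL-A there even
    when higher-level controls exist (MFA without unique accounts is still SL 0)."""
    level = 0
    for sl in sorted(blueprint[fr]):
        if not blueprint[fr][sl] <= controls:
            break
        level = sl
    return level


def assess_asset(controls: set[str], sl_t=HMI_SL_T, blueprint=HMI_BLUEPRINT) -> dict[str, dict[str, int]]:
    """Per-FR SL-T, SL-A and variance (SL-T minus SL-A; positive means a gap)."""
    out = {}
    for fr, target in sl_t.items():
        sl_a = achieved_sl(fr, controls, blueprint)
        out[fr] = {"sl_t": target, "sl_a": sl_a, "gap": target - sl_a}
    return out


def dashboard(assets: dict[str, set[str]]) -> dict:
    """Roll-up for a CSMS feedback report: which assets meet SL-T on every FR,
    and how many assets fall short per FR, so remediation can be prioritised."""
    per_asset = {name: assess_asset(ctrls) for name, ctrls in assets.items()}
    compliant = {name: all(v["gap"] <= 0 for v in r.values()) for name, r in per_asset.items()}
    shortfall_by_fr = {fr: sum(1 for r in per_asset.values() if r[fr]["gap"] > 0) for fr in HMI_SL_T}
    worst_fr = max(shortfall_by_fr, key=shortfall_by_fr.get)
    return {"per_asset": per_asset, "compliant": compliant,
            "shortfall_by_fr": shortfall_by_fr, "worst_fr": worst_fr}


# Constructed inventory: what an endpoint agent or audit reported for each HMI.
_BASELINE = controls_required(HMI_SL_T)
SAMPLE_ASSETS: dict[str, set[str]] = {
    "HMI-01": set(_BASELINE),                                                  # meets SL-T everywhere
    "HMI-02": _BASELINE - {"account_lockout", "central_log_forwarding"},       # FR1 and FR6 one level short
    "HMI-03": (_BASELINE - {"unique_accounts"}) | {"mfa_interactive_login"},   # MFA present, but shared accounts
}

if __name__ == "__main__":
    report = dashboard(SAMPLE_ASSETS)
    for name, result in report["per_asset"].items():
        gaps = ", ".join(f"{fr} SL-T {v['sl_t']} / SL-A {v['sl_a']}"
                         for fr, v in result.items() if v["gap"] > 0)
        print(f"{name}: {'compliant' if report['compliant'][name] else 'gaps: ' + gaps}")
    worst = report["worst_fr"]
    print("Assets short per FR:", report["shortfall_by_fr"], "-> prioritise", worst, FR_NAMES[worst])
```

The cumulative rule in achieved_sl is the design choice worth noting: HMI-03 carries an SL 3 control (MFA) but still scores SL-A 0 on FR1 because the SL 1 control is missing, which is the kind of variance a capability-by-capability checklist hides and a per-FR gap report exposes.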

Related Resources

  • Blog: 5 Steps to Build an ICS Cybersecurity Program with IEC 62443 Standards. This article is intended to help asset owners, integrators and customers understand how to begin a cybersecurity program to improve overall maturity against the elements of the IEC 62443 standard.
  • Blog, Guide: The Ultimate Guide to Protecting OT Systems with IEC 62443. This comprehensive collection of standards is laser-focused on industrial controls. Here’s how to make the most of them.
  • Whitepaper: 5 Principles for Designing a Successful Governance Model for OT Cyber Security. In today’s large and complex industrial organizations, the right cyber security governance structure depends on the culture and existing model of the rest of the organization, as well as coordination and shared decision-rights across IT, security/risk management, operations, and finance. Download the “5 Principles for Designing a Successful Governance Model for OT Cyber Security” to discover the five guiding principles…