Thanks to our IECEE CB testing laboratory, jtsec Applus+, authorized for industrial cybersecurity, we can provide security evaluations for components and products under IEC 62443-4-1 and IEC 62443-4-2 standards.
The IEC 62443 series of standards, introduced by the International Electrotechnical Commission (IEC), aims to safeguard industrial automation and control systems (IACS) through comprehensive guidelines and best practices. There are two specific standards in the series that address IAC components cybersecurity: the IEC 62443-4-1 and IEC 62443-4-2.
To demonstrate compliance with these 2 standards, manufacturers can subject their products to testing and certification under the IEECE CB Scheme, a global program applicable in over 50 countries.
Evaluation and certification under the IEC 62443-4-1 standard cover the secure development and lifecycle of the product. On the other hand, the IEC 62443-4-2 standard focuses on the security requirements for components like embedded devices, network components, host components and software applications.
Applus+ Laboratories provides evaluation and certification for the following standards:
Requirements for product lifecycle development. These 47 process requirements work to secure development of IACS device products throughout their life cycle. There are four maturity levels, showing the requirements that have been evaluated and their level of maturity.
| Maturity Level | IEC 62443-4-1 Description |
|---|---|
| Initial |
|
| Managed |
|
| Defined |
|
| Improving |
|
Technical Security Requirements for IACS components. A catalog of 141 requirements that should be met by industrial components. It has four security levels depending on established requirements to be met. More information at the jtsec Applus+ official site.
| Security level | Attack type | |||
|---|---|---|---|---|
| Violation Type | Means Type | Resource Level | Motivation | |
| SL-1 | Coincidental | N/A | N/A | N/A |
| SL-2 | Intentional | Simple | Low | Low |
| SL-3 | Intentional | Sophisticated | Moderate | Moderate |
| SL-4 | Intentional | Sophisticated | Extended | High |
IEC 62443-4-1 and IEC 62443-4-2 evaluation involves the vendor, the testing laboratory and the certification body.
The first step is preparing our organization to ensure a successful certification. We can help you with a Gap Analysis and support the development of the relevant documentation.
Then, the vendor must make a formal request for certification and evaluation to a National Certification Body (NCB). This NCB will then proceed to process the application and assign a CB Testing Laboratory (CBTL) to oversee conducting the evaluation.
As a CBTL, jtsec Applus+ forms an essential part of this process. Our job is to evaluate the product and issue a test report. Before issuing a certificate, an NCB ensures everything is in order by reviewing and validating this test report. Right now, we work with an external NCB, but Applus+ Laboratories is in process to become NCB for IEC 62443-4-1 and IEC 62443-4-2.
If the applicant wants to receive an additional certificate from a national certification body, they can do so by sending their certificate, alongside the test report to any other NCB.
The IEC 62443-4-1 and IEC 62443-4-2 certificate ensures the product's resilience against cybersecurity threats. This in turn helps strengthen security through its whole lifecycle and builds market acceptance and trust amongst the integrator and end-users (the asset owner).
Additionally, it facilitates product acceptance across markets. More than 50 countries form part of and participate in the IEC CB Scheme certificate. The acquired mutual recognition from this certification helps reduce the number of tests and avoids differentiations in criteria certification among countries.
We are experts in a wide range of cybersecurity industries. Here’s why we’re your best choice:
Applus+ uses first-party and third-party cookies for analytical purposes and to show you personalized advertising based on a profile drawn up based on your browsing habits (eg. visited websites). You can accept all cookies by pressing the "Accept" button or configure or reject their use. Consult our Cookies Policy for more information.
They allow the operation of the website, loading media content and its security. See the cookies we store in our Cookies Policy.
They allow us to know how you interact with the website, the number of visits in the different sections and to create statistics to improve our business practices. See the cookies we store in our Cookies Policy.