Applus+ Laboratories, accredited as a National Certification Body (NCB) and authorized CB Testing Laboratory*, offers comprehensive cybersecurity evaluations for industrial components and products in accordance with the IEC 62443-4-1 and IEC 62443-4-2 standards as part of the CB Scheme.
The IEC 62443 series of standards, introduced by the International Electrotechnical Commission (IEC), aims to safeguard industrial automation and control systems (IACS) through comprehensive guidelines and best practices. There are two specific standards in the series that address IAC components cybersecurity: the IEC 62443-4-1 and IEC 62443-4-2.
To demonstrate compliance with these 2 standards, manufacturers can subject their products to testing and certification under the IEECE CB Scheme, a global program applicable in over 50 countries.
Evaluation and certification under the IEC 62443-4-1 standard cover the secure development and lifecycle of the product. On the other hand, the IEC 62443-4-2 standard focuses on the security requirements for components like embedded devices, network components, host components and software applications.
Applus+ Laboratories provides evaluation and certification for the following standards:
Requirements for product lifecycle development. These 47 process requirements work to secure development of IACS device products throughout their life cycle. There are four maturity levels, showing the requirements that have been evaluated and their level of maturity.
| Maturity Level | IEC 62443-4-1 Description |
|---|---|
| Initial |
|
| Managed |
|
| Defined |
|
| Improving |
|
Technical Security Requirements for IACS components. A catalog of 141 requirements that should be met by industrial components. It has four security levels depending on established requirements to be met. More information at the jtsec Applus+ official site.
| Security level | Attack type | |||
|---|---|---|---|---|
| Violation Type | Means Type | Resource Level | Motivation | |
| SL-1 | Coincidental | N/A | N/A | N/A |
| SL-2 | Intentional | Simple | Low | Low |
| SL-3 | Intentional | Sophisticated | Moderate | Moderate |
| SL-4 | Intentional | Sophisticated | Extended | High |
IEC 62443-4-1 and IEC 62443-4-2 evaluation involves the vendor, the testing laboratory and the certification body.
The first step is preparing our organization to ensure a successful certification. We can help you with a Gap Analysis and support the development of the relevant documentation.
Then, the vendor must make a formal request for certification and evaluation to a National Certification Body (NCB). This NCB will then proceed to process the application and assign a CB Testing Laboratory (CBTL) to oversee conducting the evaluation.
At Applus+ Laboratories we are both NCB and CBTL* for Cybersecurity standards IEC 62443-4-1 and IEC 62443-4-2. You will have a single point of contact through the whole process.
If the applicant wants to receive an additional certificate from a national certification body, they can do so by sending their certificate, alongside the test report to any other NCB.
The IEC 62443-4-1 and IEC 62443-4-2 certificate ensures the product's resilience against cybersecurity threats. This in turn helps strengthen security through its whole lifecycle and builds market acceptance and trust amongst the integrator and end-users (the asset owner).
Additionally, it facilitates product acceptance across markets. More than 50 countries form part of and participate in the IEC CB Scheme certificate. The acquired mutual recognition from this certification helps reduce the number of tests and avoids differentiations in criteria certification among countries.
We are experts in a wide range of cybersecurity industries. Here’s why we’re your best choice:
*Applus+ Laboratories NCB for the Cybersecurity category is LGAI Technological Center S.A. and its CBTL is jtsec Beyond IT Security SL. For electrical safety standards, our NCB is QPS Evaluation Services, Inc. and we have to CBTL. All those companies are part of the Applus+ group.
Applus+ uses first-party and third-party cookies for analytical purposes and to show you personalized advertising based on a profile drawn up based on your browsing habits (eg. visited websites). You can accept all cookies by pressing the "Accept" button or configure or reject their use. Consult our Cookies Policy for more information.
They allow the operation of the website, loading media content and its security. See the cookies we store in our Cookies Policy.
They allow us to know how you interact with the website, the number of visits in the different sections and to create statistics to improve our business practices. See the cookies we store in our Cookies Policy.