-50% discount* If you buy the same UNE standard in different languages. * Discount on the lower pvp.

IEC 62443-2-4:2023

Security for industrial automation and control systems - Part 2-4: Security program requirements for IACS service providers

Edition date: 2023-12-15
In Force
Available languages: English, French
Summary: IEC 62443-2:2023 specifies a comprehensive set of requirements for security-related processes that IACS service providers can offer to the asset owner during integration and maintenance activities of an Automation Solution. Because not all requirements apply to all industry groups and organizations, Subclause 4.1.4 provides for the development of "profiles" that allow for the subsetting of these requirements. Profiles are used to adapt this document to specific environments, including environments not based on an IACS.
NOTE 1 The term "Automation Solution" is used as a proper noun (and therefore capitalized) in this document to prevent confusion with other uses of this term. Collectively, the security processes offered by an IACS service provider are referred to as its Security Program (SP) for IACS asset owners. In a related specification, IEC 62443-2-1 describes requirements for the Security Management System of the asset owner.
NOTE 2 In general, these security capabilities are policy, procedure, practice and personnel related. Figure 1 illustrates the integration and maintenance security processes of the asset owner, service provider(s), and product supplier(s) of an IACS and their relationships to each other and to the Automation Solution. Some of the requirements of this document relating to the safety program are associated with security requirements described in IEC 62443-3-3 and IEC 62443-4-2.
NOTE 3 The IACS is a combination of the Automation Solution and the organizational measures necessary for its design, deployment, operation, and maintenance.
NOTE 4 Maintenance of legacy system with insufficient security technical capabilities, implementation of policies, processes and procedures can be addressed through risk mitigation.

L’IEC 62453-2:2023 fournit des informations sur l’intégration de la technologie CIP™ dans la spécification des interfaces des outils des dispositifs de terrain (FDT) (IEC 62453-2). La Famille de profils de communication 2 (communément appelée CIP™ définit des profils de communication basés sur les normes IEC 61158‑2 Type 2, IEC 61158‑3‑2, IEC 61158‑4‑2, IEC 61158‑5‑2, IEC 61158‑6‑2 et IEC 62026‑3. Les profils de base CP 2/1 (ControlNet™), CP 2/2 (EtherNet/IP™) et CP 2/3 (DeviceNet™1) sont définis dans l’IEC 61784-1 et l’IEC 61784-2. Un Profil de communication supplémentaire (CompoNet™1), également basé sur CIP™, est défini dans l’IEC 62026-7. La présente partie de l’IEC 62453 spécifie les services de communication et autres services. La présente spécification ne contient pas la spécification des outils FDT et ne la modifie pas.CIP™ (Common Industrial Protocol), DeviceNet™ et CompoNet™ sont les appellations commerciales de Open DeviceNet Vendor Association, Inc (ODVA). Cette information est donnée à l’intention des utilisateurs du présent document et ne signifie nullement que l’IEC approuve ou recommande le détenteur de la marque ou de l’un quelconque de ses produits. La conformité à la présente norme n’exige pas l’emploi des appellations commerciales CIP™, DeviceNet™ ou CompoNet™. L’utilisation des appellations commerciales CIP™, DeviceNet™ ou CompoNet™ nécessite l’autorisation de Open DeviceNet Vendor Association, Inc. ControlNet™ est l’appellation commerciale de ControlNet International, Ltd. Cette information est donnée à l’intention des utilisateurs du présent document et ne signifie nullement que l’IEC approuve ou recommande le détenteur de la marque ou de l’un quelconque de ses produits. La conformité à ce profil n’exige pas l’emploi de l’appellation commerciale ControlNet™. L’utilisation de l’appellation commerciale ControlNet™ nécessite l’autorisation de ControlNet International, Ltd. EtherNet/IP™ est l’appellation commerciale de ControlNet International, Ltd et de Open DeviceNet Vendor Association, Inc. Cette information est donnée à l’intention des utilisateurs du présent document et ne signifie nullement que l’IEC approuve ou recommande le détenteur de la marque ou de l’un quelconque de ses produits. La conformité à ce profil n’exige pas l’emploi de l’appellation commerciale EtherNet/IP™. L’utilisation de l’appellation commerciale EtherNet/IP™ nécessite l’autorisation de ControlNet International, Ltd. ou de Open DeviceNet Vendor Association, Inc.
ICS: 35.100.05-Multilayer applications, 25.040.40-Industrial process measurement and control
CTN: TC 65 - 1250

Standards Cancellations

Anula a IEC 62443-2-4:2015

Anula a IEC 62443-2-4:2015/COR1:2015

Anula a IEC 62443-2-4:2015/AMD1:2017

Otras Relaciones

Acuerdo de Frankfurt FprEN IEC 62443-2-4:2023

The book in the author's words

Ultricies magna feugiat malesuada sociosqu varius vivamus cubilia parturient, himenaeos vitae vehicula nam placerat netus urna platea, nostra rutrum felis mattis penatibus velit quisque.

Button
Frequently Asked Questions Do you have any questions about our products?
  • Standards UNE, EN, ISO, IEC, BSI, DIN, ASTM, AFNOR, IEEE, SAE
  • In addition, you can request the rules of the rest of the organizations through the e-mail normas@aenor.com
  • Technical books on paper and in electronic format (PDF, epub).

The standards can be purchased in PDF, reading or paper. The reading standards are not download files, they can only be viewed in the client area. The standards ordered on paper and some of the books in the catalogue are printed on demand. 

Check deadlines in normas@aenor.com.

The license of use is for one user and one device, if you want to reproduce the content of the standard, you must request a license that will have an additional cost. Send us your inquiry here 

The AENOR standards and books that appear in the online store can only be purchased exclusively through the website. AENOR does not have a physical store.

Purchase procedure: by clicking on "Buy" the desired products will go to the shopping cart. If there are display problems, the recommended browser is Chrome.

To formalize the purchase you must access the customer area. If you are not registered as a customer, you must fill in a form with the data along with a password and username. This will create the account.

Once the "Customer data" form has been completed, "Order in progress" will be displayed with all the items loaded in the shopping cart, their prices, taxes established in current legislation and shipping costs if applicable.

The prices of the standards and books that appear in the various sections do not include taxes or shipping costs.

AENOR promotional codes consist of alphanumeric characters and can only be applied to online purchases, received through a specific offer and for a limited time. To apply your promotional code, you just have to enter it in step 2 of 4 of the purchase process on the website and click on "apply", after you have identified yourself and chosen the payment methods. Promo codes are not cumulative.

 

  • Credit or debit card (Visa, Mastercard) and PayPal.
  • Bank transfer. If you opt for this form of payment, you must first send AENOR a copy of the transfer by email to normas@aenor.com
  • The purchase invoice can be downloaded from the customer area, in my previous orders

In the case of clients of companies based abroad, the taxpayer identification number of the corresponding country (for example, in Argentina the CUIT), must be filled in the CIF/NIF - VAT field .

  • Direct download via the website in the Customer Area. In the customer area, which can only be accessed with a password and username, the products purchased will be available for a period of fifteen days from the date of purchase, as long as the payment has been accepted. Files in digital format are protected and in no case editable. Before purchasing them, it is important that the license of use is read and accepted as a prior step to purchase.
  • Shipping by courier. Products purchased on physical media are shipped by courier. The maximum delivery time in Spanish territory, from the acceptance of the order by AENOR, is:
  •  Approximately seven working days for all standards purchased through the store in paper format.
  • Approximately three days for books purchased through the store. Stocks of paper books are limited and their offer on the website does not imply availability within the indicated period. In the event that the requested book is not available, the customer is notified of the delay in receiving the order, which will be approximately seven working days. 

For the rest of the products that are not on the website, check availability and delivery time at normas@aenor.com.

1. For digital products (PDF, Epub), once delivery has been made by direct download via the website in the Customer Area, you will not have the right to exercise your right of withdrawal.

2. For personalised products on paper, once the purchase has been made, you will not have the right to exercise your right of withdrawal.

3.  For all other paper products, you have the right to withdraw from the sale within 14 calendar days from the date of purchase. Remember that for the return it is essential that the product is in perfect condition, sealed by the packaging and preserving its original packaging. The customer will be responsible for pickup and shipping costs.

The order invoice includes shipping costs, so there is no amount to pay to the courier. Shipping costs are calculated based on both the final destination of the order and the number of products ordered. They include transport and packaging costs. Shipping costs are subject to periodic revisions. Outlet books will have free shipping costs only if the shipment is made in the Peninsula.

Destination Up to three standards and/or publications From three standards and/or publications
Peninsula 7,31€ 8,60€
Balearic Islands 18,04€ 23,34€
Canary Islands, Ceuta and Melilla  18,04€ 23,34€
Europe 59,17€ 80,07€
United States and Canada 70,07€ 96,94€
Rest of the world 91,94€ 115,91€
  • Purchases made by residents of the Member States of the European Union will be subject to the payment of VAT (value added tax).
  • ​​
  • In the case of legal persons and natural persons who, acting as entrepreneurs, are domiciled in a Member State of the European Union (except residents in Spain) and have an intra-community NIF/VAT registered in the VIES census, they will be exempt from paying VAT, being an essential condition the sending of this document by email to normas@aenor.com.
  • Purchases made in a private capacity (natural person), regardless of where they have their residence, will be subject to the payment of VAT.
  • Purchases made by entities in non-EU countries will be exempt from paying VAT, as long as they send the corresponding tax residence document by email to normas@aenor.com.
  • The sale operations will be understood to have been carried out at AENOR's registered office: Génova 6, 28004, Madrid – Spain. 

The contract for the purchase of products through this Website shall be governed by Spanish law. Any dispute arising out of or in connection with the use of the Website or such contract shall be subject to the exclusive jurisdiction of the Courts and Tribunals of Madrid.

Notwithstanding the foregoing, if you are entering into this contract as a consumer under the terms of Royal Decree 1/2007, nothing in this clause shall affect the rights that may be granted to you as such under applicable law.