IEC 62443: From Industry Recognized Standard to Base for Security Certification
IEC 62443 has steadily developed into an internationally recognized standard for the security of connected products. Initially designed for the domain of Industrial Control Systems and Applications, IEC 62443 is now widely regarded as a reference standard for the assessment of industrial components, as well as medical devices, network products or consumer IoT products. The standard offers a mature framework covering organization, processes, risk assessment, and component and system security. This also makes IEC 62443 a good basis for defining security certification initiatives. The presentation will provide an overview of the various parts of the standard, focusing on component and system evaluation. Moreover, existing certification schemes based on IEC 62443, such as IECEE or ISASecure, will be discussed, as well as the practical limitations to be considered and addressed in the future.