ISA99 - Industrial automation cyber security system

ISA99 are cybersecurity standards developed by ISA (International Society of Automation) committee. The committee contains 500+ members representing different companies across the globe. The committee or the standards stand for protect the cyber environment of a user or organization.

The committee addresses:

  • Endangerment of public or employee safety
  • Loss of public confidence
  • Violation of regulatory requirements
  • Loss of proprietary or confidential information
  • Economic loss
  • Impact on national security

The ISA99 consist of 4 main IEC 62443 series of standards:

  • General

  • Policies & Procedures

  • System

  • Component


This IEC 62443 series general is about Terminology, concepts and models, Foundational Material and Consistent Terminology. And Security Compliance Metrics.

Policies and Procedures:

  • 2-2 and 2-1 functions on Establishing & Operating a Security Program: Specifically concerned on Asset Owner, Non-Technical, IACS-Specific Requirements & Guidance.

  • 2-3 is for Patch management: Applying Well- Established Practices to IACS XML Schema for Patch Descriptions.


  • 3-1 for Security Technologies: Guidance on applying, Existing Tools, Technology and Controls to IACS.

  • 3-2 for Zones & Conduits: Defining Logical Architecture Breakdown, Determine Target SALs

  • 3-3 for System-Level Security Requirements: Technical Controls, IACS-Specific Requirements & Guidance, Specifies Capability SALs.


  • 4-1 for Product Development Lifecycle: Requirements for Each development Phase, Building security in from the ground up.

  • 4-2 for Component-Level Security Requirements: Technical controls, Expand system - Level reqs. for individual components, IACS-specific requirements & guidance, Specifies capability SALs.