ISA99 is a set of cybersecurity standards developed by a committee of the ISA (International Society of Automation). The committee has 500+ members representing different companies across the globe. The committee and its standards aim to protect the cyber environment of a user or organization.
The committee addresses:
- Endangerment of public or employee safety
- Loss of public confidence
- Violation of regulatory requirements
- Loss of proprietary or confidential information
- Economic loss
- Impact on national security
ISA99 consists of 4 main series of IEC 62443 standards:
Policies & Procedures
The general IEC 62443 series covers terminology, concepts and models, foundational material and consistent terminology, and security compliance metrics.
Policies and Procedures:
2-2 and 2-1 deal with establishing and operating a security program: specifically, asset-owner, non-technical, IACS-specific requirements and guidance.
2-3 is for patch management: applying well-established practices to IACS, and an XML schema for patch descriptions.
3-1 is for security technologies: guidance on applying existing tools, technology and controls to IACS.
3-2 is for zones and conduits: defining the logical architecture breakdown and determining target SALs.
3-3 is for system-level security requirements: technical controls and IACS-specific requirements and guidance; it specifies capability SALs.
4-1 is for the product development lifecycle: requirements for each development phase, building security in from the ground up.
4-2 is for component-level security requirements: technical controls and IACS-specific requirements and guidance; it expands the system-level requirements for individual components and specifies capability SALs.