{"id":244397,"date":"2024-10-19T16:03:21","date_gmt":"2024-10-19T16:03:21","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/bs-en-iec-62443-3-22020\/"},"modified":"2024-10-25T11:02:23","modified_gmt":"2024-10-25T11:02:23","slug":"bs-en-iec-62443-3-22020","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/bsi\/bs-en-iec-62443-3-22020\/","title":{"rendered":"BS EN IEC 62443-3-2:2020"},"content":{"rendered":"<p>IEC 62443-3-2:2020 establishes requirements for: \u2022 defining a system under consideration (SUC) for an industrial automation and control system (IACS); \u2022 partitioning the SUC into zones and conduits; \u2022 assessing risk for each zone and conduit; \u2022 establishing the target security level (SL-T) for each zone and conduit; and \u2022 documenting the security requirements.<\/p>\n<h4>PDF Catalog<\/h4>\n<table border=\"1px\" class=\"des-table\">\n<tr>\n<th>PDF Pages<\/th>\n<th>PDF Title<\/th>\n<\/tr>\n<tr>\n<td><b>2<b><\/td>\n<td>undefined  <\/td>\n<\/tr>\n<tr>\n<td><b>5<b><\/td>\n<td>Annex ZA(normative)Normative references to international publicationswith their corresponding European publications  <\/td>\n<\/tr>\n<tr>\n<td><b>7<b><\/td>\n<td>English <br \/> CONTENTS  <\/td>\n<\/tr>\n<tr>\n<td><b>9<b><\/td>\n<td>FOREWORD  <\/td>\n<\/tr>\n<tr>\n<td><b>11<b><\/td>\n<td>INTRODUCTION  <\/td>\n<\/tr>\n<tr>\n<td><b>12<b><\/td>\n<td>1 Scope <br \/> 2 Normative references <br \/> 3 Terms, definitions, abbreviated terms, acronyms and conventions <br \/> 3.1 Terms and definitions  <\/td>\n<\/tr>\n<tr>\n<td><b>15<b><\/td>\n<td>3.2 Abbreviated terms and acronyms  <\/td>\n<\/tr>\n<tr>\n<td><b>16<b><\/td>\n<td>3.3 Conventions <br \/> 4 Zone, conduit and risk assessment requirements <br \/> 4.1 Overview  <\/td>\n<\/tr>\n<tr>\n<td><b>17<b><\/td>\n<td>Figure 1 \u2013 Workflow diagram outlining the primary steps requiredto establish zones and conduits, as well as to assess risk  <\/td>\n<\/tr>\n<tr>\n<td><b>18<b><\/td>\n<td>4.2 ZCR 1: Identify the SUC <br \/> 4.2.1 ZCR 1.1: Identify the SUC perimeter and access points <br \/> 4.3 ZCR 2: Initial cyber security risk assessment <br \/> 4.3.1 ZCR 2.1: Perform initial cyber security risk assessment  <\/td>\n<\/tr>\n<tr>\n<td><b>19<b><\/td>\n<td>4.4 ZCR 3: Partition the SUC into zones and conduits <br \/> 4.4.1 Overview <br \/> 4.4.2 ZCR 3.1: Establish zones and conduits <br \/> 4.4.3 ZCR 3.2: Separate business and IACS assets <br \/> 4.4.4 ZCR 3.3: Separate safety related assets  <\/td>\n<\/tr>\n<tr>\n<td><b>20<b><\/td>\n<td>4.4.5 ZCR 3.4: Separate temporarily connected devices <br \/> 4.4.6 ZCR 3.5: Separate wireless devices <br \/> 4.4.7 ZCR 3.6: Separate devices connected via external networks  <\/td>\n<\/tr>\n<tr>\n<td><b>21<b><\/td>\n<td>4.5 ZCR 4: Risk comparison <br \/> 4.5.1 Overview <br \/> 4.5.2 ZCR 4.1: Compare initial risk to tolerable risk <br \/> 4.6 ZCR 5: Perform a detailed cyber security risk assessment  <br \/> 4.6.1 Overview  <\/td>\n<\/tr>\n<tr>\n<td><b>22<b><\/td>\n<td>4.6.2 ZCR 5.1: Identify threats <br \/> Figure 2 \u2013 Detailed cyber security risk assessment workflow per zone or conduit  <\/td>\n<\/tr>\n<tr>\n<td><b>23<b><\/td>\n<td>4.6.3 ZCR 5.2: Identify vulnerabilities <br \/> 4.6.4 ZCR 5.3: Determine consequence and impact  <\/td>\n<\/tr>\n<tr>\n<td><b>24<b><\/td>\n<td>4.6.5 ZCR 5.4: Determine unmitigated likelihood <br \/> 4.6.6 ZCR 5.5: Determine unmitigated cyber security risk <br \/> 4.6.7 ZCR 5.6: Determine SL-T  <\/td>\n<\/tr>\n<tr>\n<td><b>25<b><\/td>\n<td>4.6.8 ZCR 5.7: Compare unmitigated risk with tolerable risk <br \/> 4.6.9 ZCR 5.8: Identify and evaluate existing countermeasures <br \/> 4.6.10 ZCR 5.9: Reevaluate likelihood and impact  <\/td>\n<\/tr>\n<tr>\n<td><b>26<b><\/td>\n<td>4.6.11 ZCR 5.10: Determine residual risk <br \/> 4.6.12 ZCR 5.11: Compare residual risk with tolerable risk <br \/> 4.6.13 ZCR 5.12: Identify additional cyber security countermeasures  <\/td>\n<\/tr>\n<tr>\n<td><b>27<b><\/td>\n<td>4.6.14 ZCR 5.13: Document and communicate results <br \/> 4.7 ZCR 6: Document cyber security requirements, assumptions and constraints <br \/> 4.7.1 Overview <br \/> 4.7.2 ZCR 6.1: Cyber security requirements specification  <\/td>\n<\/tr>\n<tr>\n<td><b>28<b><\/td>\n<td>4.7.3 ZCR 6.2: SUC description <br \/> 4.7.4 ZCR 6.3: Zone and conduit drawings <br \/> 4.7.5 ZCR 6.4: Zone and conduit characteristics  <\/td>\n<\/tr>\n<tr>\n<td><b>29<b><\/td>\n<td>4.7.6 ZCR 6.5: Operating environment assumptions  <\/td>\n<\/tr>\n<tr>\n<td><b>30<b><\/td>\n<td>4.7.7 ZCR 6.6: Threat environment <br \/> 4.7.8 ZCR 6.7: Organizational security policies <br \/> 4.7.9 ZCR 6.8: Tolerable risk  <\/td>\n<\/tr>\n<tr>\n<td><b>31<b><\/td>\n<td>4.7.10 ZCR 6.9: Regulatory requirements <br \/> 4.8 ZCR 7: Asset owner approval <br \/> 4.8.1 Overview <br \/> 4.8.2 ZCR 7.1: Attain asset owner approval  <\/td>\n<\/tr>\n<tr>\n<td><b>32<b><\/td>\n<td>Annex A (informative)Security levels  <\/td>\n<\/tr>\n<tr>\n<td><b>33<b><\/td>\n<td>Annex B (informative)Risk matrices <br \/> Tables <br \/> Table B.1 \u2013 Example of a 3 x 5 risk matrix <br \/> Table B.2 \u2013 Example of likelihood scale  <\/td>\n<\/tr>\n<tr>\n<td><b>34<b><\/td>\n<td>Table B.3 \u2013 Example of consequence or severity scale <br \/> Table B.4 \u2013 Example of a simple 3 x 3 risk matrix  <\/td>\n<\/tr>\n<tr>\n<td><b>35<b><\/td>\n<td>Table B.5 \u2013 Example of a 5 x 5 risk matrix <br \/> Table B.6 \u2013 Example of a 3 x 4 matrix  <\/td>\n<\/tr>\n<tr>\n<td><b>36<b><\/td>\n<td>Bibliography   <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p><b>Security for industrial automation and control systems &#8211; Security risk assessment for system design<\/b><\/p>\n<table class=\"shortdes-table\" style=\"width: 100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td>Published By<\/td>\n<td>Publication Date<\/td>\n<td>Number of Pages<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/pdfstandards.shop\/product-category\/publishers\/bsi\/\"><b>BSI<\/b><\/a><\/td>\n<td>2020<\/td>\n<td>38<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"featured_media":244402,"template":"","meta":{"rank_math_lock_modified_date":false,"ep_exclude_from_search":false},"product_cat":[2641],"product_tag":[],"class_list":{"0":"post-244397","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-bsi","8":"first","9":"instock","10":"sold-individually","11":"shipping-taxable","12":"purchasable","13":"product-type-simple"},"_links":{"self":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product\/244397","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media\/244402"}],"wp:attachment":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media?parent=244397"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_cat?post=244397"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_tag?post=244397"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}