ISA/IEC 62443 Consulting

ISA/IEC 62443 is a series of standards for securing Industrial Automation and Control Systems (IACS) and Operational Technology (OT) against cyber threats. The standards are also widely adopted in other product categories, as they offer a mature and pragmatic approach to building cyber-resilient systems.

Our services

intWave helps product teams comply with the Secure Development Lifecycle practices of ISA/IEC 62443-4-1. Moreover, through expert consulting, intWave ensures that product releases meet the security requirements of ISA/IEC 62443-4-2. In this way, product vendors may certify their development process and products under a set of internationally acknowledged cybersecurity standards.

Deliverables

  • Secure SDLC Consulting for IEC 62443-4-1 (Gap Analysis, Training and Proposal)
  • Training on Secure Embedded Design and IEC 62443-4-2 requirements
  • Product Classification and IEC 62443-4-2 Gap Analysis
  • Product Threat Model and Risk Assessment
  • Device Security Testing report
  • Product Security Documentation (RACI matrix, Patching Policy, Product Security Plan, Dev. Env. Security Controls, Process Verification Record Templates, Product Security Context, Product Security Requirements Template, Secure Coding Standards, Issue Handling Procedure, Product Security Architecture Document, Product Security Guidelines for Users)

Other related services

  • Consulting for the establishment of a Product SBOM, CBOM and HBOM.
  • Consulting for the setup of SCA, SAST, DAST and Fuzz Testing tools.
  • Secure Development Training on programming languages / technologies used by the development team.
  • Training on Threat Modeling to incorporate Threat Modeling into the requirements analysis phase of projects.
  • Technology Fitness Reviews to help choose appropriate components.
  • Secure Product Design to help implement new secure-by-design mechanisms.
  • Security R&D to obtain prototypes of non-trivial security features in hardware or software.
  • Source Code Auditing to review the source code of product feature sets.
  • Web, Mobile and Desktop Application Security Testing to examine the security of applications from the product ecosystem.
  • Assumed Breach exercise to examine the effectiveness of the product defense-in-depth strategy when certain product elements have been compromised.

Benefits

  • Preparation of artifacts for IEC 62443-4-1 certification of the development process.
  • Preparation of artifacts for IEC 62443-4-2 certification of product(s).
  • Formation of agile processes to identify, evaluate, remediate and document security vulnerabilities.
  • Development of products that are secure by design.
  • Documentation of cybersecurity threats affecting the product design.
  • Risk Assessment and Gap Analysis of the product against IEC 62443-4-2 requirements.
  • In-depth examination of product implementation for vulnerabilities (in hardware, software and communications).
  • Expert guidance on issue remediation and component selection tasks.
  • Validation of implemented controls through security testing.
  • Drafting of required Product Security Documentation by cybersecurity experts.
  • Expert guidance on complex implementations such as secure storage, secure firmware update and secure boot mechanisms.
  • Efficient project management with bi-weekly updates and integration with client task management tools.
  • Compliance with IEC 62443-4-1 and IEC 62443-4-2 also helps prepare product development for compliance with other standards and regulations (such as EU RED DA, EU CRA, etc.).