OT Cyber Security Certification
BYHON is a certification body and laboratory, accredited according to IEC 17065 and IEC 17025, which implements ISASecure® certification processes and provides conformity assessments for Industrial Cyber Security certification as per IEC 62443 with the ISASecure® scheme with license no. ISCI-CL0005.
BYHON has implemented in its compliance assessment model the schemes for compliance verification defined by ISASecure® with license no. ISCI-CL0005, including process verification, Security Development Lifecycle Assurance Certification (SDLA).
The SDLA process scheme is distinctive of ISASecure® certification and preparatory to the assessment of technical compliance of the product – component or system – according to the models of Component Security Assurance Certification (CSA) and System Security Assurance Certification (SSA).
The purpose of the ISASecure® certification service is to perform independent certification showing that a system or component meets the requirements of the IEC 62443 standard for a given level of security (SL-C). The certification scheme is applied in the most comprehensive manner and as the highest recognition of compliance, with a certificate issued by an accredited laboratory.
For more information or to request a quote for ISASecure® Certification
For more information or to request a quote for IEC 62443 Certification
When OT Cyber Security certification applies
For both options, certification is applicable to manufacturers of industrial control components and systems made available by a single supplier. It also applies when the system consists of hardware and software components from multiple suppliers, subject to integration by a single supplier.
In IEC 62443 and ISA terms, a system is specifically a control system understood as the hardware and software components of an industrial control and automation system (IACS), i.e., an object to be integrated within an IACS system of an entire plant and which can be certified according to the requirements of IEC 62443 for Industrial Cyber Security:
- Combined HMI/PLC Systems
- SCADA Systems
- Control system platforms
- Packaged Control Systems (PCS)
- Distributed Control Systems (DCS)
- Security Instrumented Systems (SIS)
Some steps of the OT Cyber Security certification process
Defining the scope of assessment in terms of products to be certified, related configurations and security objectives, planning and collecting all relevant documentation, including diagrams related to architecture and information on essential functions, such as a list of accessible network interfaces, protocols and available services.
Where required, the manufacturer’s Cyber Security Management System is assessed to verify that it has been developed and maintained in accordance with the security practices of IEC 62443-4-1.
The security functionality of the system or component is checked against the requirements defined for each Security Level (SL). This assesses whether the object of certification complies with the requirements of the standard that applies to the product (IEC 62443-3-3 for systems or IEC 62443-4-2 for components) and to its type (embedded component, networking, etc.), and whether it has been developed as per the life cycle verified in the previous point.
Conducting tests as per the validation plan and product vulnerability analysis. This is done with a vulnerability scan and other tests.
Once all the previous steps have been carried out, the result is recorded in an assessment report for review by BYHON’s technical committee. If successful, the final certification of compliance is issued in the form of an Industrial Cyber Security Certification declaring that the system (or component) complies with IEC 62443 for a given security capability (SL-C).