The brand new ICSA Certification by ISASecure for IIoT devices

Reading time: 3 minutes - Difficulty: Advanced
The ISASecure® program is announcing the new ISASecure® certification offering for industrial internet of things (IIoT) components based on the ISA/IEC 62443 series of standards.

What is the ICSA Certificate

The IIoT Component Security Assurance (ICSA) certification was inspired by recommendations published in the joint ISA Global Security Alliance (ISAGCA) and ISA Security Compliance Institute (ISCI) study.
The ISASecure IIoT Component Security Assurance (ICSA) is a security certification program for IIoT devices and IIoT gateways. ICSA certification applies to IACS (Industrial Automation Control System) components that:

  • Meet the definition in the standard IEC 62443-4-2 Security for industrial automation and control systems Part 4-2: Technical security requirements for IACS components, for at least one of embedded device, host device, or network device
  • Meet one or both of the following definitions for IIoT device and IIoT gateway

More specifically:

  • An IIoT device is an entity that is a sensor or actuator for a physical process, or communicates with sensors or actuators for a physical process, that directly connects to an untrusted network to support and/or use data collection and analytic functions accessible via that network.
  • An IIoT gateway is an entity of an IioT system that connects one or more proximity networks and the IioT devices on those networks to each other and directly connects to one or more untrusted access networks

All the other types of certificate

The ICSA certificate enriches the range of certificates issued by the accredited ISASecure® certification bodies.

In addition to ICSA, the other types of certificates are:

  • ISASecure Security Development Lifecycle Assurance (SDLA) according to IEC 62443-4-1
  • ISASecure System Security Assurance (SSA) according to IEC 62443-3-3
  • ISASecure Component Security Assurance (CSA) according to IEC 62443-4-2

Who issues the certification

While ISCI develops and maintains the Certification Scheme, it does not perform the certification itself.

This is done by an ISASecure® Certification Body, which is an organization that specializes in third-party conformity assessments. Certification bodies are accredited by an accreditation body based on the ISO/IEC 17065 standard, which addresses topics such as confidentiality and impartiality in the certification process.

ISASecure® Certificate issued by a Certification Body is globally recognized and demonstrates that the applicable ISA/IEC 62443 requirements have been met.

In the world, there are only seven ISASecure® accredited Certification Bodies, including us, BYHON.