IIC and ISA announce enhanced security guidance for industrial automation and control systems

The Industry IoT Consortium (IIC) and the International Society of Automation recently announced the IoT Security Maturity Model (SMM): 62443 Mappings for Asset Owners and Product Suppliers.

The IIC IoT SMM helps organizations choose their security target state and determine their current security state. By repeatedly comparing the target and current states, organizations can identify where they can make further improvements.

“This new guidance extends the previously published IoT Security Maturity Model (SMM): Practitioner’s Guide to provide mappings to existing 62443 standards and specific guidance for the asset owner and product supplier roles,” said Ron Zahavi, chief strategist for IoT standards at Microsoft and IoT SMM co-author.

The ISA99 committee developed the 62443 series of standards, which the International Electrotechnical Commission (IEC) adopted. The standards address current and future vulnerabilities in industrial automation and control systems (IACS) and apply necessary mitigation systematically and defensibly. The ISA/IEC 62443 standards focus only on the maturity of security programs and processes.

“Achieving security maturity targets can be difficult to put into practice without concrete guidance,” said Frederick Hirsch, co-chair of the IIC ISA/IIC contributing group. “These 62443 mappings enable practitioners to better achieve security maturity by relating IIC IoT  SMM practice comprehensiveness levels to ISA/IEC 62443 requirements. In this way, IACS  asset owners and product suppliers can achieve appropriate maturity targets more easily.”

The IoT SMM: 62443 Mappings for Asset Owners and Product Suppliers document can be downloaded from IIC and ISA websites.