Manufacturing AUTOMATION

ISA and IIC release updated version of IoT Security Maturity Model

August 9, 2023
By Manufacturing AUTOMATION

The Industry IoT Consortium (IIC) and the International Society of Automation (ISA) have updated the IoT Security Maturity Model (SMM): ISA/IEC 62443 Mappings for Asset Owners, Product Suppliers, and Service Suppliers.

ISA notes that the revision takes into account significant updates to the 62443-2-1 standard for industrial automation and control systems (IACS) security programs.

ISA/IEC 62443-2-1 removes material on the information security management program (ISMS), allowing stakeholders to rely on ISO/IEC 27001 for the information security program and ISO/IEC 27002 for related controls. ISA/IEC 62443-2-1 retains OT-specific requirements for security programs.

Correspondingly, the SMM mappings add a new section of SMM practice mappings to Edition 2 of ISA/IEC 62443-2-1 and relevant ISO/IEC 27001 and 27002 requirements. The SMM: ISA/IEC 62443 Mappings for Asset Owners, Product Suppliers, and Service Suppliers retains Edition 1 mappings and other corrections and clarifications.


“Together with IoT SMM industry profiles, the mappings are a powerful tool to allow organizations to identify what they need to accomplish within their industries and when deploying certain types of solutions, such as digital twins,” said Ron Zahavi, one of the SMM authors.

“This new guidance extends the previously published IoT Security Maturity Model (SMM): ISA/IEC 62443 Mappings for Asset Owners, Product Suppliers, and Service Suppliers by incorporating updates to the 62443-2-1 standard, thus giving practical guidance to practitioners who wish to improve their security maturity,” said Frederick Hirsch, co-chair of the joint IIC-ISA SMM group and co-author of the paper. “The updated IoT SMM document extends the guidance of the IoT Security Maturity Model and its profiles so that once maturity level targets and assessments are understood, organizations may use the current ISA/IEC 62443 guidance to help achieve maturity targets.”

“It’s not about adding more security but about implementing the appropriate security measures,” said Pierre Kobes, an ISA99 and IEC Technical Committee 65 member. “The updated IoT SMM: ISA/IEC 62443 Mappings for Asset Owners and Product Suppliers helps companies select the adequate security levels commensurate with their expected level of risk. The ISA/IEC 62443 standards are significant for industrial automation and control system security programs, providing proven and accepted engineering practices, increasing the power of using the IoT Security Maturity Model.”
