ISASecure Embedded Controller Security Assurance Certification Framework approved
ISA Security Compliance Institute (ISCI) has formally approved an Embedded Controller Security Assurance (ECSA) Framework, identifying the embedded controller testing approach and high level criteria for passing or failing the ISASecure tests.
The ISA Security Compliance Institute (ISCI) has formally approved an Embedded Controller Security Assurance (ECSA) Framework, the group said in a statement today.
The ECSA Framework establishes important foundational definitions necessary for completion of the ISASecure ECSA test specification. It establishes the scope of the ISASecure test specification, and identifies the embedded controller testing approach and high level criteria for passing or failing the ISASecure tests.
A publicly available version of the ISASecure ECSA Framework describing the ECSA certification program will be published and posted on the ISCI website this month.
The detailed ISASecure ECSA certification includes three broad areas of assessment for embedded controllers - Security Functional Assessment, Protocol Robustness Testing, and Software Development Security Assessment. The ECSA test specification will undergo an independent review and is slated for completion at the end of third-quarter 2009.
Johan Nye, chairman of the ISCI Governing Board, says the certification program "will provide assurances to owner/operators that products meet known cyber security requirements based on industry standards."
The ISASecure test specification is designed to be used by suppliers in their product development and manufacturing processes to facilitate baseline security levels in Industrial Automation Control Systems (IACS) products, he says. The same ISASecure test specification will also be used by ISCI accredited independent labs to certify cyber security characteristics of IAC products using ISCI accredited test tools. ISASecure certification testing will commence in first-quarter 2010.
The ISA Security Compliance Institute was founded in 2007. Founding Members include Chevron, ExxonMobil Research and Engineering, Honeywell, Invensys Process Systems, Siemens, and Yokogawa. Key Technical Members include Exida, Mu Dynamics, Rockwell Automation, and Wurldtech Security Technologies, ISCI says.
Also read, from Control Engineering : , and see the
-Edited by Mark T. Hoske, editor in chief, Control Engineering www.controleng.com
|Search the online Automation Integrator Guide|
Case Study Database
Get more exposure for your case study by uploading it to the Control Engineering case study database, where end-users can identify relevant solutions and explore what the experts are doing to effectively implement a variety of technology and productivity related projects.
These case studies provide examples of how knowledgeable solution providers have used technology, processes and people to create effective and successful implementations in real-world situations. Case studies can be completed by filling out a simple online form where you can outline the project title, abstract, and full story in 1500 words or less; upload photos, videos and a logo.
Click here to visit the Case Study Database and upload your case study.