The Industry IoT Consortium (IIC) and the International Society of Automation (ISA) have updated the IoT security maturity model (SMM): ISA/IEC 62443 mappings for asset owners, product suppliers, and service suppliers. The changes take into account updates to the 62443-2-1 standard for industrial automation and control systems (IACS) security programmes.
ISA/IEC 62443-2-1 removes material on the information security management programme (ISMS), allowing stakeholders to rely on ISO/IEC 27001 for the information security programme and ISO/IEC 27002 for related controls. ISA/IEC 62443-2-1 retains OT-specific requirements for security programmes.
Correspondingly, the SMM mappings add a new section that maps SMM practices to Edition 2 of ISA/IEC 62443-2-1 and to the relevant ISO/IEC 27001 and 27002 requirements. The SMM: ISA/IEC 62443 mappings for asset owners, product suppliers, and service suppliers retains the Edition 1 mappings and includes other corrections and clarifications.
“Together with IoT SMM industry profiles, the mappings are a powerful tool to allow organisations to identify what they need to accomplish within their industries and when deploying certain types of solutions, such as digital twins,” says Ron Zahavi, CEO, Auron Technologies, and one of the SMM authors.
“This new guidance extends the previously published IoT security maturity model (SMM): ISA/IEC 62443 Mappings for asset owners, product suppliers, and service suppliers by incorporating updates to the 62443-2-1 standard, thus giving practical guidance to practitioners who wish to improve their security maturity,” says Frederick Hirsch, Co-chair of the joint IIC-ISA SMM group and Co-author of the paper. “The updated IoT SMM document extends the guidance of the IoT security maturity model and its profiles so that once maturity level targets and assessments are understood, organisations may use the current ISA/IEC 62443 guidance to help achieve maturity targets.”
“It’s not about adding more security but about implementing the appropriate security measures,” says Pierre Kobes, an ISA99 and IEC Technical Committee 65 member. “The updated IoT SMM: ISA/IEC 62443 mappings for asset owners and product suppliers helps companies select the adequate security levels commensurate with their expected level of risk. The ISA/IEC 62443 standards are significant for industrial automation and control system security programmes, providing proven and accepted engineering practices, increasing the power of using the IoT security maturity model.”