1、 IEC/PAS 62443-3Edition 1.0 2008-01PUBLICLY AVAILABLE SPECIFICATIONPRE-STANDARD Security for industrial process measurement and control Network and system security IEC/PAS 62443-3:2008(E)LICENSED TO MECON Limited.-RANCHI/BANGALOREFOR INTERNAL USE AT THIS LOCATION ONLY,SUPPLIED BY BOOK SUPPLY BUREAU.
2、THIS PUBLICATION IS COPYRIGHT PROTECTED Copyright 2008 IEC,Geneva,Switzerland All rights reserved.Unless otherwise specified,no part of this publication may be reproduced or utilized in any form or by any means,electronic or mechanical,including photocopying and microfilm,without permission in writi
3、ng from either IEC or IECs member National Committee in the country of the requester.If you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publication,please contact the address below or your local IEC member National Committee for further informa
4、tion.IEC Central Office 3,rue de Varemb CH-1211 Geneva 20 Switzerland Email:inmailiec.ch Web:www.iec.ch About the IEC The International Electrotechnical Commission(IEC)is the leading global organization that prepares and publishes International Standards for all electrical,electronic and related tec
5、hnologies.About IEC publications The technical content of IEC publications is kept under constant review by the IEC.Please make sure that you have the latest edition,a corrigenda or an amendment might have been published.?Catalogue of IEC publications:www.iec.ch/searchpub The IEC on-line Catalogue e
6、nables you to search by a variety of criteria(reference number,text,technical committee,).It also gives information on projects,withdrawn and replaced publications.?IEC Just Published:www.iec.ch/online_news/justpub Stay up to date on all new IEC publications.Just Published details twice a month all
7、new publications released.Available on-line and also by email.?Electropedia:www.electropedia.org The worlds leading online dictionary of electronic and electrical terms containing more than 20 000 terms and definitions in English and French,with equivalent terms in additional languages.Also known as
8、 the International Electrotechnical Vocabulary online.?Customer Service Centre:www.iec.ch/webstore/custserv If you wish to give us your feedback on this publication or need further assistance,please visit the Customer Service Centre FAQ or contact us:Email:csciec.ch Tel.:+41 22 919 02 11 Fax:+41 22
9、919 03 00 LICENSED TO MECON Limited.-RANCHI/BANGALOREFOR INTERNAL USE AT THIS LOCATION ONLY,SUPPLIED BY BOOK SUPPLY BUREAU.IEC/PAS 62443-3Edition 1.0 2008-01PUBLICLY AVAILABLE SPECIFICATIONPRE-STANDARD Security for industrial process measurement and control Network and system security INTERNATIONAL
10、ELECTROTECHNICAL COMMISSION XAICS 25.040.40;35.110 PRICE CODEISBN 2-8318-9543-X LICENSED TO MECON Limited.-RANCHI/BANGALOREFOR INTERNAL USE AT THIS LOCATION ONLY,SUPPLIED BY BOOK SUPPLY BUREAU.PAS 62443-3 IEC:2008(E)2 CONTENTS FOREWORD.3 INTRODUCTION.4 1 Scope.5 2 Normative references.5 3 Terms,defi
11、nitions,symbols,abbreviated terms and conventions.6 3.1 Terms and definitions.6 3.2 Symbols and abbreviated terms.12 4 Introduction and compliance.13 5 Principles and reference models.13 5.1 General.13 5.2 Threat-risk model.14 5.3 Security life cycle.16 5.4 Policy.17 5.5 Generic reference configurat
12、ions.20 5.6 Protection models.23 6 ICS security policy Overview.28 7 ICS security policy Principles and assumptions.30 7.1 ICS security policy Principles.30 7.2 ICS security policy Assumptions and exclusions.31 7.3 ICS security policy Organization and management.33 8 ICS security policy Measures.37
13、8.1 Availability management.37 8.2 Integrity management.39 8.3 Logical access management.42 8.4 Physical access management.45 8.5 Partition management.46 8.6 External access management.47 Annex A Projected new edition of IEC 62443.51 Bibliography.53 Figure 1 Threat-risk relationship.14 Figure 2 Secu
14、rity life cycle.16 Figure 3 Policy levels.18 Figure 4 Industrial control system(ICS).21 Figure 5 GPH reference configuration:Generic ICS host with external devices.22 Figure 6 Device protection:Hardening and access management.23 Figure 7 Defense-in-depth through partitioning.25 Figure 8 Example:ICS
15、partitioning.26 Figure 9 Generic external connectivity.27 LICENSED TO MECON Limited.-RANCHI/BANGALOREFOR INTERNAL USE AT THIS LOCATION ONLY,SUPPLIED BY BOOK SUPPLY BUREAU.3 PAS 62443-3 IEC:2008(E)INTERNATIONAL ELECTROTECHNICAL COMMISSION _ SECURITY FOR INDUSTRIAL PROCESS MEASUREMENT AND CONTROL NETW
16、ORK AND SYSTEM SECURITY FOREWORD 1)The International Electrotechnical Commission(IEC)is a worldwide organization for standardization comprising all national electrotechnical committees(IEC National Committees).The object of IEC is to promote international co-operation on all questions concerning standardization in the electrical and electronic fields.To this end and in addition to other activities,IEC publishes International Standards,Technical Specifications,Technical Reports,Publicly Available
