IEC 62443-3-3
Edition 1.0 2013-08

INTERNATIONAL STANDARD

Industrial communication networks - Network and system security -
Part 3-3: System security requirements and security levels

IEC 62443-3-3:2013(E)

THIS PUBLICATION IS COPYRIGHT PROTECTED
Copyright 2013 IEC, Geneva, Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or your local IEC member National Committee for further information.

IEC Central Office
3, rue de Varembé
CH-1211 Geneva 20
Switzerland
Tel.: +41 22 919 02 11
Fax: +41 22 919 03 00
info@iec.ch
www.iec.ch

About the IEC

The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes International Standards for all electrical, electronic and related technologies.

About IEC publications

The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the latest edition, a corrigenda or an amendment might have been published.

Useful links:

IEC publications search - www.iec.ch/searchpub
The advanced search enables you to find IEC publications by a variety of criteria (reference number, text, technical committee, …). It also gives information on projects, replaced and withdrawn publications.

IEC Just Published - webstore.iec.ch/justpublished
Stay up to date on all new IEC publications. Just Published details all new publications released. Available on-line and also once a month by email.

Electropedia - www.electropedia.org
The world's leading online dictionary of electronic and electrical terms containing more than 30 000 terms and definitions in English and French, with equivalent terms in additional languages. Also known as the International Electrotechnical Vocabulary (IEV) on-line.

Customer Service Centre - webstore.iec.ch/csc
If you wish to give us your feedback on this publication or need further assistance, please contact the Customer Service Centre: csc@iec.ch.

INTERNATIONAL ELECTROTECHNICAL COMMISSION
ICS 25.040.40; 35.110
PRICE CODE XC
ISBN 978-2-8322-1036-9

Registered trademark of the International Electrotechnical Commission

Warning! Make sure that you obtained this publication from an authorized distributor.

62443-3-3 IEC:2013(E)

CONTENTS

FOREWORD
0 Introduction
  0.1 Overview
  0.2 Purpose and intended audience
  0.3 Usage within other parts of the IEC 62443 series
1 Scope
2 Normative references
3 Terms, definitions, abbreviated terms, acronyms, and conventions
  3.1 Terms and definitions
  3.2 Abbreviated terms and acronyms
  3.3 Conventions
4 Common control system security constraints
  4.1 Overview
  4.2 Support of essential functions
  4.3 Compensating countermeasures
  4.4 Least privilege
5 FR 1 Identification and authentication control
  5.1 Purpose and SL-C(IAC) descriptions
  5.2 Rationale
  5.3 SR 1.1 Human user identification and authentication
    5.3.1 Requirement
    5.3.2 Rationale and supplemental guidance
    5.3.3 Requirement enhancements
    5.3.4 Security levels
  5.4 SR 1.2 Software process and device identification and authentication
    5.4.1 Requirement
    5.4.2 Rationale and supplemental guidance
    5.4.3 Requirement enhancements
    5.4.4 Security levels
  5.5 SR 1.3 Account management
    5.5.1 Requirement
    5.5.2 Rationale and supplemental guidance
    5.5.3 Requirement enhancements
    5.5.4 Security levels
  5.6 SR 1.4 Identifier management
    5.6.1 Requirement
    5.6.2 Rationale and supplemental guidance
    5.6.3 Requirement enhancements
    5.6.4 Security levels
  5.7 SR 1.5 Authenticator management
    5.7.1 Requirement
    5.7.2 Rationale and supplemental guidance
    5.7.3 Requirement enhancements
    5.7.4 Security levels
  5.8 SR 1.6 Wireless access management
    5.8.1 Requirement
    5.8.2 Rationale and supplemental guidance
    5.8.3 Requirement enhancements
    5.8.4 Security levels
  5.9 SR 1.7 Strength of password-based authentication
    5.9.1 Requirement
    5.9.2 Rationale and supplemental guidance
    5.9.3 Requirement enhancements
    5.9.4 Security levels
  5.10 SR 1.8 Public key infrastructure (PKI) certificates
    5.10.1 Requirement
    5.10.2 Rationale and supplemental guidance
    5.10.3 Requirement enhancements
    5.10.4 Security levels
  5.11 SR 1.9 Strength of public key authentication
    5.11.1 Requirement
    5.11.2 Rationale and supplemental guidance
    5.11.3 Requirement enhancements
    5.11.4 Security levels
  5.12 SR 1.10 Authenticator feedback