ISA/IEC 62443-3-2:2020, Clause 4.2 covers identifying the system under consideration (SUC) as zone and conduit requirement ZCR 1.
ZCR 1 makes the assessment scope unambiguous: which automation assets are in, where the security boundary sits, and every path that crosses it. Without that clarity, zone partitions and risk scores have nothing solid to hang on.
Reference: ISA/IEC 62443-3-2:2020, Clause 4.2
Related:
Zone, Conduit and Risk Assessment (Clause 4)
|
IEC 62443-1-1 Models
ZCR pages: ZCR 1 | ZCR 2 | ZCR 3 | ZCR 4 | ZCR 5 | ZCR 6 | ZCR 7
Reference: ISA/IEC 62443-3-2, Clause 4.2
Clause: 4.2.1
Large sites often run several control systems. Any one of them can be declared an SUC for analysis. Typical contents can span BPCS/DCS, SIS, SCADA packages, supplier packages, and increasingly IIoT or cloud-linked services when they form part of the automation solution.
Inventories, system and network diagrams, and data-flow views are the usual evidence used to justify what sits inside the perimeter and where traffic crosses it.