← Home

IEC 62443-3-3 Clause 8 – Data Confidentiality

ISA/IEC 62443-3-3, Clause 8 defines Foundational Requirement FR 4 (DC) and the associated system requirements (SRs) and requirement enhancements (REs) used when claiming Security Level capability for this FR.

Protect the confidentiality of information on selected communication channels and prevent eavesdropping or unauthorised disclosure.

Teaching note: Summaries paraphrase ISA/IEC 62443-3-3 for learning. They are not verbatim extracts — always use the published standard for normative wording, RE text and SL mappings (see Annex B).

Reference: ISA/IEC 62443-3-3, Clause 8
Related: Foundational Requirements overview | FR / SL Vector | Annex B mapping | Security Levels

FR pages: FR 1 | FR 2 | FR 3 | FR 4 | FR 5 | FR 6 | FR 7


Purpose

Protect the confidentiality of information on selected communication channels and prevent eavesdropping or unauthorised disclosure.

Requirement enhancements under each SR raise the capability needed for higher SL-C(DC) claims. Exact RE text and which SL columns they populate are in the standard and Annex B.


System requirements in this FR


SR summaries

SR 4.1: Information confidentiality

Reference: ISA/IEC 62443-3-3, Clause 8 (SR 4.1)

Summary
Confidentiality of information in transit (and as specified at rest) shall be protected on selected channels.

SR 4.2: Information persistence

Reference: ISA/IEC 62443-3-3, Clause 8 (SR 4.2)

Summary
Information shall not persist where unauthorised retrieval is possible after use (e.g. purge temporary/shared media per policy).

SR 4.3: Use of cryptography

Reference: ISA/IEC 62443-3-3, Clause 8 (SR 4.3)

Summary
Cryptography used for confidentiality shall follow approved algorithms, key lengths and key-management practice for the environment.

Key takeaways