← Home

IEC 62443-4-2 Clause 11 – Resource Availability

ISA/IEC 62443-4-2, Clause 11 defines Foundational Requirement FR 7 (RA) and the associated component requirements (CRs) and requirement enhancements (REs) used when claiming Security Level capability for this FR on a component.

Help the component remain available under load, attack, backup/restore and emergency-power conditions.

Teaching note: Summaries paraphrase ISA/IEC 62443-4-2 for learning. They are not verbatim extracts — always use the published standard for normative wording, RE text and SL mappings (see Annex B). Component-type specifics also appear under Clauses 12–15.

Reference: ISA/IEC 62443-4-2, Clause 11
Related: Part 4-2 overview | Common Component Security Constraints | IEC 62443-3-3 FR 7 | Annex B mapping

Component requirement pages: Cl. 5 | Cl. 6 | Cl. 7 | Cl. 8 | Cl. 9 | Cl. 10 | Cl. 11


Purpose

Help the component remain available under load, attack, backup/restore and emergency-power conditions.

Requirement enhancements under each CR raise the capability needed for higher SL-C(RA) claims. Exact RE text and which SL columns they populate are in the standard and Annex B.


Component requirements in this FR


CR summaries

CR 7.1: Denial of service protection

Reference: ISA/IEC 62443-4-2, Clause 11

Summary
Components must provide the capability to maintain essential functions when operating in a degraded mode as the result of a DoS event.

CR 7.2: Resource management

Reference: ISA/IEC 62443-4-2, Clause 11

Summary
Components must provide the capability to limit the use of resources by security functions to protect against resource exhaustion.

CR 7.3: Control system backup

Reference: ISA/IEC 62443-4-2, Clause 11

Summary
Components must provide the capability to participate in system level backup operations in order to safeguard the component state (user- and system-level information). The backup process must not affect the normal component operations.

CR 7.4: Control system recovery and reconstitution

Reference: ISA/IEC 62443-4-2, Clause 11

Summary
Components must provide the capability to be recovered and reconstituted to a known secure state after a disruption or failure.

CR 7.5: Emergency Power

Reference: ISA/IEC 62443-4-2, Clause 11

Summary
There is no component level requirement associated with ISA-62443-3-3 SR 7.5.

CR 7.6: Network and security configuration settings

Reference: ISA/IEC 62443-4-2, Clause 11

Summary
Components must provide the capability to be configured according to recommended network and security configurations as described in guidelines provided by the control system supplier. The component must provide an interface to the currently deployed network and securit y configuration settings.

CR 7.7: Least functionality

Reference: ISA/IEC 62443-4-2, Clause 11

Summary
Components must provide the capability to specifically restrict the use of unnecessary functions, ports, protocols and/or services.

CR 7.8: Control system component inventory

Reference: ISA/IEC 62443-4-2, Clause 11

Summary
Support a control system component inventory in line with ISA/IEC 62443-3-3 SR 7.8 — for example when the product brings subordinate components that must appear in the overall Automation Solution inventory (compatible with service-provider inventory expectations such as Part 2-4 SP.06.02).

Key takeaways