← Home
IEC 62443-4-2 Clause 12 – Software Application Requirements
ISA/IEC 62443-4-2, Clause 12 defines
SAR requirements that apply specifically to this component category.
These sit alongside the common CRs in Clauses 5–11 and the
common component security constraints in Clause 4.
Clause 12 adds or refines requirements that apply specifically to software application components (for example SCADA applications and historians), beyond the common CRs.
Teaching note: Summaries paraphrase ISA/IEC 62443-4-2 for learning — always
refer to the published text for normative wording and RE mappings.
Reference: ISA/IEC 62443-4-2, Clause 12
Related:
Part 4-2 overview
|
Annex A – Device categories
|
Annex B mapping
Category pages: Cl. 12 | Cl. 13 | Cl. 14 | Cl. 15
Requirements in this clause
SAR summaries
SAR 2.4: Mobile code
Reference: ISA/IEC 62443-4-2, Clause 12
Summary
In the event that a software application utilizes mobile code technologies, that application must provide the capability to enforce a security policy for the usage of mobile code technologies.
SAR 3.2: Protection from malicious code
Reference: ISA/IEC 62443-4-2, Clause 12
Summary
The application product supplier must qualify and document which protection from malicious code mechanisms are compatible with the application and note any special configuration requirements.
Key takeaways
- Clause 12 specialises Part 4-2 for SAR components.
- Common CRs (Clauses 5–11) still apply; this clause adds category-specific expectations.
- Use Annex A for representative device examples in each category.