← Home

IEC 62443-4-2 Clause 12 – Software Application Requirements

ISA/IEC 62443-4-2, Clause 12 defines SAR requirements that apply specifically to this component category. These sit alongside the common CRs in Clauses 5–11 and the common component security constraints in Clause 4.

Clause 12 adds or refines requirements that apply specifically to software application components (for example SCADA applications and historians), beyond the common CRs.

Teaching note: Summaries paraphrase ISA/IEC 62443-4-2 for learning — always refer to the published text for normative wording and RE mappings.

Reference: ISA/IEC 62443-4-2, Clause 12
Related: Part 4-2 overview | Annex A – Device categories | Annex B mapping

Category pages: Cl. 12 | Cl. 13 | Cl. 14 | Cl. 15


Requirements in this clause


SAR summaries

SAR 2.4: Mobile code

Reference: ISA/IEC 62443-4-2, Clause 12

Summary
In the event that a software application utilizes mobile code technologies, that application must provide the capability to enforce a security policy for the usage of mobile code technologies.

SAR 3.2: Protection from malicious code

Reference: ISA/IEC 62443-4-2, Clause 12

Summary
The application product supplier must qualify and document which protection from malicious code mechanisms are compatible with the application and note any special configuration requirements.

Key takeaways