← Home

IEC 62443-4-2 Clause 13 – Embedded Device Requirements

ISA/IEC 62443-4-2, Clause 13 defines EDR requirements that apply specifically to this component category. These sit alongside the common CRs in Clauses 5–11 and the common component security constraints in Clause 4.

Clause 13 adds or refines requirements for embedded devices (for example PLCs and IEDs), including updates, tamper resistance, roots of trust and boot integrity.

Teaching note: Summaries paraphrase ISA/IEC 62443-4-2 for learning — always refer to the published text for normative wording and RE mappings.

Reference: ISA/IEC 62443-4-2, Clause 13
Related: Part 4-2 overview | Annex A – Device categories | Annex B mapping

Category pages: Cl. 12 | Cl. 13 | Cl. 14 | Cl. 15


Requirements in this clause


EDR summaries

EDR 2.4: Mobile code

Reference: ISA/IEC 62443-4-2, Clause 13

Summary
In the event that an embedded device utilizes mobile code technologies, the embedded device must provide the capability to enforce a security policy for the usage of mobile code technologies.

EDR 2.13: Use of physical diagnostic and test interfaces

Reference: ISA/IEC 62443-4-2, Clause 13

Summary
Embedded devices must protect against unauthorized use of the physical factory diagnostic and test interface((e.g. JTAG Debugging).

EDR 3.2: Protection from malicious code

Reference: ISA/IEC 62443-4-2, Clause 13

Summary
The embedded device must provide the capability to protect from installation and execution of unauthorized software.

EDR 3.10: Support for updates

Reference: ISA/IEC 62443-4-2, Clause 13

Summary
The embedded device must support the ability to be updated and upgraded.

EDR 3.11: Physical tamper resistance and detection

Reference: ISA/IEC 62443-4-2, Clause 13

Summary
The embedded device must provide tamper resistance and detection mechanisms to protect against unauthorized physical access into the device

EDR 3.12: Provisioning product supplier roots of trust

Reference: ISA/IEC 62443-4-2, Clause 13

Summary
Embedded devices must provide the capability to provision and protect the confidentiality, integrity, and authenticity of product supplier keys and data to be used as one or more “roots of trust” at the time of manufacture of the device.

EDR 3.13: Provisioning asset owner roots of trust

Reference: ISA/IEC 62443-4-2, Clause 13

Summary
Embedded devices must provide the capability to provision and protect the confidentiality, integrity, and authenticity of asset owner keys and data to be used as “roots of trust”; and support the capability to provision without reliance on components that may be outside of the device’s security zone.

EDR 3.14: Integrity of the boot process

Reference: ISA/IEC 62443-4-2, Clause 13

Summary
Embedded devices must verify the integrity of the firmware, software, and configuration data needed for the component’s boot and runtime processes prior to use.

Key takeaways