Clause 13 adds or refines requirements for embedded devices (for example PLCs and IEDs), including updates, tamper resistance, roots of trust and boot integrity.
EDR summaries
EDR 2.4: Mobile code
Reference: ISA/IEC 62443-4-2, Clause 13
Summary
In the event that an embedded device utilizes mobile code technologies, the embedded device must provide the capability to enforce a security policy for the usage of mobile code technologies.
EDR 2.13: Use of physical diagnostic and test interfaces
Reference: ISA/IEC 62443-4-2, Clause 13
Summary
Embedded devices must protect against unauthorized use of the physical factory diagnostic and test interface((e.g. JTAG Debugging).
EDR 3.2: Protection from malicious code
Reference: ISA/IEC 62443-4-2, Clause 13
Summary
The embedded device must provide the capability to protect from installation and execution of unauthorized software.
EDR 3.10: Support for updates
Reference: ISA/IEC 62443-4-2, Clause 13
Summary
The embedded device must support the ability to be updated and upgraded.
EDR 3.11: Physical tamper resistance and detection
Reference: ISA/IEC 62443-4-2, Clause 13
Summary
The embedded device must provide tamper resistance and detection mechanisms to protect against unauthorized physical access into the device
EDR 3.12: Provisioning product supplier roots of trust
Reference: ISA/IEC 62443-4-2, Clause 13
Summary
Embedded devices must provide the capability to provision and protect the confidentiality, integrity, and authenticity of product supplier keys and data to be used as one or more “roots of trust” at the time of manufacture of the device.
EDR 3.13: Provisioning asset owner roots of trust
Reference: ISA/IEC 62443-4-2, Clause 13
Summary
Embedded devices must provide the capability to provision and protect the confidentiality, integrity, and authenticity of asset owner keys and data to be used as “roots of trust”; and support the capability to provision without reliance on components that may be outside of the device’s security zone.
EDR 3.14: Integrity of the boot process
Reference: ISA/IEC 62443-4-2, Clause 13
Summary
Embedded devices must verify the integrity of the firmware, software, and configuration data needed for the component’s boot and runtime processes prior to use.