Clause 14 adds or refines requirements for host devices (for example operator and engineering workstations and industrial servers).
HDR summaries
HDR 2.4: Mobile code
Reference: ISA/IEC 62443-4-2, Clause 14
Summary
In the event that a host device utilizes mobile code technologies, that host device must provide the capability to enforce a security policy for the usage of mobile code technologies.
HDR 2.13: Use of physical diagnostic and test interfaces
Reference: ISA/IEC 62443-4-2, Clause 14
Summary
Host devices must protect against unauthorized use of the physical factory diagnostic and test interface((e.g. JTAG debugging).
HDR 3.2: Protection from malicious code
Reference: ISA/IEC 62443-4-2, Clause 14
Summary
There must be mechanisms on host devices that are qualified by the IACS product supplier to provide protection from malicious code. The IACS product supplier must document any special configuration requirements related to protection from malicious code.
HDR 3.10: Support for updates
Reference: ISA/IEC 62443-4-2, Clause 14
Summary
Host devices must support the ability to be updated and upgraded.
HDR 3.11: Physical tamper resistance and detection
Reference: ISA/IEC 62443-4-2, Clause 14
Summary
Host devices must provide the capability to support tamper resistance and detection mechanisms to protect against unauthorized physical access into the device.
HDR 3.12: Provisioning product supplier roots of trust
Reference: ISA/IEC 62443-4-2, Clause 14
Summary
Host devices must provide the capability to provision and protect the confidentiality, integrity, and authenticity of product supplier keys and data to be used as one or more “roots of trust” at the time of manufacture of the device.
HDR 3.13: Provisioning asset owner roots of trust
Reference: ISA/IEC 62443-4-2, Clause 14
Summary
Host devices must provide the capability to provision and protect the confidentiality, integrity, and authenticity of asset owner keys and data to be used as “roots of trust”; and support the capability to provision without reliance on components that may be outside of the device’s security zone.
HDR 3.14: Integrity of the boot process
Reference: ISA/IEC 62443-4-2, Clause 14
Summary
Host devices must verify the integrity of the firmware, software, and configuration data needed for component’s boot process prior to it being used in the boot process.