← Home

IEC 62443-4-2 Clause 15 – Network Device Requirements

ISA/IEC 62443-4-2, Clause 15 defines NDR requirements that apply specifically to this component category. These sit alongside the common CRs in Clauses 5–11 and the common component security constraints in Clause 4.

Clause 15 adds or refines requirements for network devices (for example switches, routers, firewalls and VPN terminators).

Teaching note: Summaries paraphrase ISA/IEC 62443-4-2 for learning — always refer to the published text for normative wording and RE mappings.

Reference: ISA/IEC 62443-4-2, Clause 15
Related: Part 4-2 overview | Annex A – Device categories | Annex B mapping

Category pages: Cl. 12 | Cl. 13 | Cl. 14 | Cl. 15


Requirements in this clause


NDR summaries

NDR 1.6: Wireless access management

Reference: ISA/IEC 62443-4-2, Clause 15

Summary
A network device supporting wireless access management must provide the capability to identify and authenticate all users (humans, software processes or devices) engaged in wireless communication.

NDR 1.13: Access via untrusted networks

Reference: ISA/IEC 62443-4-2, Clause 15

Summary
The network device supporting device access into a network must provide the capability to monitor and control all methods of access to the network device via untrusted networks.

NDR 2.4: Mobile code

Reference: ISA/IEC 62443-4-2, Clause 15

Summary
In the event that a network device utilizes mobile code technologies, the network device must provide the capability to enforce a security policy for the usage of mobile code technologies.

NDR 2.13: Use of physical diagnostic and test interfaces

Reference: ISA/IEC 62443-4-2, Clause 15

Summary
Network devices must protect against unauthorized use of the physical factory diagnostic and test interface((e.g. JTAG debugging).

NDR 3.2: Protection from malicious code

Reference: ISA/IEC 62443-4-2, Clause 15

Summary
The network device must provide for protection from malicious code.

NDR 3.10: Support for updates

Reference: ISA/IEC 62443-4-2, Clause 15

Summary
Network devices must support the ability to be updated and upgraded.

NDR 3.11: Physical tamper resistance and detection

Reference: ISA/IEC 62443-4-2, Clause 15

Summary
Network devices must provide tamper resistance and detection mechanisms to protect against unauthorized physical access into the device

NDR 3.12: Provisioning product supplier roots of trust

Reference: ISA/IEC 62443-4-2, Clause 15

Summary
Network devices must provide the capability to provision and protect the confidentiality, integrity, and authenticity of product supplier keys and data to be used as one or more “roots of trust” at the time of manufacture of the device.

Key takeaways