Protect the integrity of the component, its communications, software and security functions.
CR summaries
CR 3.1: Communication integrity
Reference: ISA/IEC 62443-4-2, Clause 7
Summary
Components must provide the capability to protect integrity of transmitted information.
CR 3.2: Protection from malicious code
Reference: ISA/IEC 62443-4-2, Clause 7
Summary
The protection from malicious code requirements are component-specific and can be located as requirements for each specific component type in Clauses 12 through 15.
CR 3.3: Security functionality verification
Reference: ISA/IEC 62443-4-2, Clause 7
Summary
Components must provide the capability to support verification of the intended operation of security functions according to ISA-62443-3-3 [11] SR3.3.
CR 3.4: Software and information integrity
Reference: ISA/IEC 62443-4-2, Clause 7
Summary
Components must provide the capability to perform or support integrity checks on software, configuration and other information as well as the recording and reporting of the results of these checks or be integrated into a system that can perform or support integrity checks.
CR 3.5: Input validation
Reference: ISA/IEC 62443-4-2, Clause 7
Summary
Components must validate the syntax, length and content of any input data that is used as an industrial process control input or input via external interfaces that directly impacts the action of the component.
CR 3.6: Deterministic output
Reference: ISA/IEC 62443-4-2, Clause 7
Summary
Components that physically or logically connect to an automation process must provide the capability to set outputs to a predetermined state if normal operation as defined by the component supplier cannot be maintained.
CR 3.7: Error handling
Reference: ISA/IEC 62443-4-2, Clause 7
Summary
Components must identify and handle error conditions in a manner that does not provide information that could be exploited by adversaries to attack the IACS.
CR 3.8: Session integrity
Reference: ISA/IEC 62443-4-2, Clause 7
Summary
Components must provide mechanisms to protect the integrity of communications sessions including: the capability to invalidate session identifiers upon user logout or other session termination (including browser sessions); the capability to generate a unique session identifier for each session and recognize only session identifiers that are system-generated; and the capability to generate unique session identifiers w…
CR 3.9: Protection of audit information
Reference: ISA/IEC 62443-4-2, Clause 7
Summary
Protect audit information, audit logs and audit tools (where present) from unauthorised access,
modification and deletion — including records, settings and reports used for investigation and recovery.
Higher SLs can require write-once storage for audit records.
CR 3.10: Support for updates
Reference: ISA/IEC 62443-4-2, Clause 7
Summary
for each specific device type in Clauses 12 through 15.
CR 3.11: Physical tamper resistance and detection
Reference: ISA/IEC 62443-4-2, Clause 7
Summary
The physical tamper resistance and detection requirements are component -specific and can be located as requirements for each specific device type in Clauses 12 through 15.
CR 3.12: Provisioning product supplier roots of trust
Reference: ISA/IEC 62443-4-2, Clause 7
Summary
The provisioning product supplier roots of trust requirements are component -specific and can be located as requirements for each specific device type in Clauses 12 through 15.
CR 3.13: Provisioning asset owner roots of trust
Reference: ISA/IEC 62443-4-2, Clause 7
Summary
The provisioning asset owner roots of trust requirements are component -specific and can be located as requirements for each specific device type in Clauses 12 through 15.
CR 3.14: Integrity of the boot process
Reference: ISA/IEC 62443-4-2, Clause 7
Summary
The integrity of the boot process requirements are component-specific and can be located as requirements for each specific device type in Clauses 12 through 15.