← Home

IEC 62443-4-2 Clause 8 – Data Confidentiality

ISA/IEC 62443-4-2, Clause 8 defines Foundational Requirement FR 4 (DC) and the associated component requirements (CRs) and requirement enhancements (REs) used when claiming Security Level capability for this FR on a component.

Protect sensitive data in storage and in transit according to the component’s security context.

Teaching note: Summaries paraphrase ISA/IEC 62443-4-2 for learning. They are not verbatim extracts — always use the published standard for normative wording, RE text and SL mappings (see Annex B). Component-type specifics also appear under Clauses 12–15.

Reference: ISA/IEC 62443-4-2, Clause 8
Related: Part 4-2 overview | Common Component Security Constraints | IEC 62443-3-3 FR 4 | Annex B mapping

Component requirement pages: Cl. 5 | Cl. 6 | Cl. 7 | Cl. 8 | Cl. 9 | Cl. 10 | Cl. 11


Purpose

Protect sensitive data in storage and in transit according to the component’s security context.

Requirement enhancements under each CR raise the capability needed for higher SL-C(DC) claims. Exact RE text and which SL columns they populate are in the standard and Annex B.


Component requirements in this FR


CR summaries

CR 4.1: Information confidentiality

Reference: ISA/IEC 62443-4-2, Clause 8

Summary
Components must provide the capability to protect the confidentiality of information at rest for which explicit read authorization is supported; and support the protection of the confidentiality of information in transit as defined in ISA-62443-3-3 [11] SR 4.1.

CR 4.2: Information persistence

Reference: ISA/IEC 62443-4-2, Clause 8

Summary
Components must provide the capability to erase all information, for which explicit read authorization is supported, from components to be released from active service and/or decommissioned.

CR 4.3: Use of cryptography

Reference: ISA/IEC 62443-4-2, Clause 8

Summary
If cryptography is required, the component must use cryptographic security mechanisms according to internationally recognized and proven security practices and recommendations.

Key takeaways