← Home
IEC 62443-4-2 Clause 8 – Data Confidentiality
ISA/IEC 62443-4-2, Clause 8 defines Foundational
Requirement FR 4 (DC) and the associated
component requirements (CRs) and requirement enhancements (REs)
used when claiming Security Level capability for this FR on a component.
Protect sensitive data in storage and in transit according to the component’s security context.
Teaching note: Summaries paraphrase ISA/IEC 62443-4-2 for learning. They are not
verbatim extracts — always use the published standard for normative wording, RE text and SL
mappings (see
Annex B).
Component-type specifics also appear under
Clauses 12–15.
Reference: ISA/IEC 62443-4-2, Clause 8
Related:
Part 4-2 overview
|
Common Component Security Constraints
|
IEC 62443-3-3 FR 4
|
Annex B mapping
Component requirement pages: Cl. 5 | Cl. 6 | Cl. 7 | Cl. 8 | Cl. 9 | Cl. 10 | Cl. 11
Purpose
Protect sensitive data in storage and in transit according to the component’s security context.
Requirement enhancements under each CR raise the capability needed for higher SL-C(DC)
claims. Exact RE text and which SL columns they populate are in the standard and Annex B.
Component requirements in this FR
CR summaries
CR 4.1: Information confidentiality
Reference: ISA/IEC 62443-4-2, Clause 8
Summary
Components must provide the capability to protect the confidentiality of information at rest for which explicit read authorization is supported; and support the protection of the confidentiality of information in transit as defined in ISA-62443-3-3 [11] SR 4.1.
CR 4.2: Information persistence
Reference: ISA/IEC 62443-4-2, Clause 8
Summary
Components must provide the capability to erase all information, for which explicit read authorization is supported, from components to be released from active service and/or decommissioned.
CR 4.3: Use of cryptography
Reference: ISA/IEC 62443-4-2, Clause 8
Summary
If cryptography is required, the component must use cryptographic security mechanisms according to internationally recognized and proven security practices and recommendations.
Key takeaways
- FR 4 (DC) is derived from the Part 3-3 foundational requirement of the same name, expressed as component CRs.
- Some capabilities are common (CR); others are refined for software applications (SAR), embedded (EDR), host (HDR) or network (NDR) devices in Clauses 12–15.
- Always apply the common component security constraints when reading or implementing these CRs.