← Home
IEC 62443-4-2 Clause 9 – Restricted Data Flow
ISA/IEC 62443-4-2, Clause 9 defines Foundational
Requirement FR 5 (RDF) and the associated
component requirements (CRs) and requirement enhancements (REs)
used when claiming Security Level capability for this FR on a component.
Support segmentation and controlled flows so data only moves where the architecture allows.
Teaching note: Summaries paraphrase ISA/IEC 62443-4-2 for learning. They are not
verbatim extracts — always use the published standard for normative wording, RE text and SL
mappings (see
Annex B).
Component-type specifics also appear under
Clauses 12–15.
Reference: ISA/IEC 62443-4-2, Clause 9
Related:
Part 4-2 overview
|
Common Component Security Constraints
|
IEC 62443-3-3 FR 5
|
Annex B mapping
Component requirement pages: Cl. 5 | Cl. 6 | Cl. 7 | Cl. 8 | Cl. 9 | Cl. 10 | Cl. 11
Purpose
Support segmentation and controlled flows so data only moves where the architecture allows.
Requirement enhancements under each CR raise the capability needed for higher SL-C(RDF)
claims. Exact RE text and which SL columns they populate are in the standard and Annex B.
Component requirements in this FR
CR summaries
CR 5.1: Network segmentation
Reference: ISA/IEC 62443-4-2, Clause 9
Summary
Components must support a segmented network to support zones and conduits, as needed, to support the broader network architecture based on logical segmentation and criticality.
CR 5.2: Zone boundary protection
Reference: ISA/IEC 62443-4-2, Clause 9
Summary
The zone boundary protection requirements are network-component-specific and can be located as requirements for network devices in Clause 15.
CR 5.3: General-purpose person-to-person communication restrictions
Reference: ISA/IEC 62443-4-2, Clause 9
Summary
The general-purpose person-to-person communication restriction requirements are network- component-specific and can be located as requirements for network devices later in Clause 15.
CR 5.4: Application partitioning
Reference: ISA/IEC 62443-4-2, Clause 9
Summary
There is no component level requirement associated with ISA-62443-3-3 SR 5.4.
Key takeaways
- FR 5 (RDF) is derived from the Part 3-3 foundational requirement of the same name, expressed as component CRs.
- Some capabilities are common (CR); others are refined for software applications (SAR), embedded (EDR), host (HDR) or network (NDR) devices in Clauses 12–15.
- Always apply the common component security constraints when reading or implementing these CRs.