Industry leaders from a number of major control system users and manufacturers have formed an organization to establish a set of well-engineered specifications and processes for the testing and certification of critical control systems products. The mission of this organization would be to:
- Facilitate the independent testing and certification of control system products to a defined set of control system security standards;
- Use existing control system security industry standards where available, develop interim standards where they don’t already exist, and adopt new standards when they become available;
- Accelerate the development of industry standards that can be used to certify that control systems products meet a common set of security requirements.
The feasibility of such an organization was established in a study published in three whitepapers funded by the original group of suppliers and asset owners. The study determined that a market need exists for a control systems security conformance program operatedwithin a open consensus non-profit organization.
ISA was selected by the original stakeholders to stand up the Control Systems Security Conformance Organization (CSSCO) within the newly formed ISA Automation Standards Compliance Institute. Eventually the organization was officially renamed to the ISA Security Compliance Institute (ISCI).
The CSSCO original study results were published in three associated whitepapers: Organizational Objective whitepaper, Organizational Model whitepaper, and Financial and Legal Considerations whitepaper.