Embedded Device Security Assurance (EDSA) - version 2.0.0

(Valid until 2/13/2019)

Scope

The first ISASecure certification, Embedded Device Security Assurance (EDSA) focuses on the security of embedded devices and addresses device characteristics and supplier development practices for those devices.  The EDSA certification is designed to certify to international standards IEC 62443-4-1 Product Development Requirements and IEC 62443-4-2 Technical Security Requirements for IACS Components.

An embedded device that meets the requirements of the ISASecure EDSA specification earns theISASecure EDSA certification; a trademarked designation that provides instant recognition of product security characteristics and capabilities, and provides an independent industry stamp of approval similar to a ‘Safety Integrity Level’ Certification (ISO/IEC 61508). The ISASecure EDSAcertification offers three levels of recognition for a device, reflecting increasing levels of device security assurance. The levels include ISASecure Level 1 for Devices, ISASecure Level 2 for Devices, and ISASecure Level 3 for Devices. All levels of security certification granted under this program contain the following technical elements:
 

• Functional Security Assessment (FSA)
• Software Development Security Assessment (SDSA)
• Communication Robustness Testing (CRT)

FSA and SDSA evaluation requirements increase in rigor for levels 2 and 3 while CRT criteria are the same regardless of certification level. The ISASecure Embedded Device Security Assurance Certification brochure (see below), provides a description of the three technical certification elements, certification levels, and the certification program.

ISASecure® EDSA Conformance Scheme Definition Documents

There are five major categories of ISASecure EDSA program documents

• Technical specifications, shown in solid light blue, that describe the technical criteria applied to determine whether a device will be certified.
  
  NOTE ISASecure EDSA program development has followed and leveraged the parallel ISA99 standards effort underway for embedded device cyber security requirements. When the ISA-99.04.01 standard is completed, the ISASecure Embedded Device certification technical specifications will be updated to serve as a compliance program for that standard.

• Accreditation/recognition, shown in gold diagonal stripe, that describe how an organization can become a chartered laboratory or a tool supplier can obtain recognition for a CRT tool

• Symbol and certificates, shown in blue horizontal stripe, covers the topic of proper usage of the ISASecure symbol and certificate.

• Structure, shown in an orange brick pattern, used to describe and operate the overall program.

• External references, shown in solid dark grey, are documents that exist outside of this particular program that are referenced by ISASecure EDSA program documents.

• The ISASecure EDSA detailed formal specifications are listed in the table below and available for download.

ISASecure® EDSA Conformance Scheme Fees

Embedded Device Security Assurance (EDSA) Certification Scheme Description

Initial Certification and Maintenance of Certification Policies and Criteria

Certification Requirements Specifications for EDSA (Three Assessment Categories FSA, SDSA, CRT)

CRT Test Requirements for Protocols in EDSA Certification

Lab Accreditation Requirements

Component Security Assurance (CSA) - version 1.0.0

Effective 28 August 2019

*See ISASecure-117 for version transition details*

Scope

• The elements of a CSA certification are illustrated in Figure 1 below.

• Security Development Artifacts for components (SDA-C);
• Functional Security Assessment for components (FSA-C); and
• Vulnerability Identification testing for components (VIT-C).

SDLPA-C and SDA-C both assess development process. SDA-C examines the artifacts that are the outputs of the supplier’s development lifecycle processes as they apply to the component to be certified. FSA-C examines the security capabilities of the component, while recognizing in accordance with IEC 62443-4-2 that requirements for security functionality differ by component type. VIT scans the component for the presence of known vulnerabilities.

The CSA program defines four certification levels for a component, offering increasing levels of security assurance. Levels offered are capability security levels 1, 2, 3, and 4. A product that achieves certification to CSA capability security level n is certified to meet requirements for capability security level n as defined in IEC 62443-4-2, which includes a requirement for compliance to IEC 62443-4-1. A CSA certification earned by a particular product will indicate the applicable component type(s) and level, and thus be expressed for example, as ISASecure CSA Capability Level 3 (Software Application) or ISASecure CSA Capability Security Level 2 (Embedded Device, Network Device).

All levels of certification include the certification elements defined in Figure 1. SDLPA-C does not have an associated level. SDA-C and VIT-C assessments are the same for all certification levels with the exception of allowable residual risk for known security issues.  FSA-C incorporates more requirements at higher levels, aligned with the requirements assigned to each capability security level in IEC 62443-4-2. 

Figure 1 - Evaluation Elements for  ISASecure CSA Certification

ISASecure® EDSA Conformance Scheme Fees

Component Security Assurance (CSA) Certification Scheme Description

Transition Policy

Initial Certification and Maintenance of Certification Policies and Criteria

Certification Requirements Specifications for CSA (Four Assessment Categories SDLPA, SDA, FSA, VIT)

Embedded Device Security Assurance (EDSA) - version 3.0.0

Effective 10 October 2018

*See ISASecure-116 for version transition details*

Scope

• Security Development Artifacts for embedded devices (SDA-E);
• Functional Security Assessment for embedded devices (FSA-E); and
• Embedded device robustness testing (ERT).

SDLPA and SDA-E both assess development process, hence are grouped under "Security Development Assessment" in Figure 1 below. SDA-E examines the artifacts that are the outputs of the supplier’s security development processes as they apply to the embedded device to be certified. FSA-E examines the security capabilities of the device, while recognizing in accordance with ANSI/ISA- 62443-4-2 that in some cases requirements for security functionality may be met by integrating the device into a system.

ERT has two major elements - Vulnerability Identification Testing (VIT) and Communication Robustness Testing (CRT).  VIT scans the device for the presence of known vulnerabilities. CRT examines the capability of the device to adequately maintain essential functions while being subjected to normal and erroneous network protocol traffic at normal to extremely high traffic rates (flood conditions).

The program offers four certification levels for a device, offering increasing levels of device security assurance. These certifications are called ISASecure EDSA Level 1, ISASecure EDSA Level 2, ISASecure EDSA Level 3, and ISASecure EDSA Level 4.

All levels of certification include the certification elements above. The SDLPA and SDA-S assessments are the same for all certification levels with the exception of allowable residual risk for known security issues. FSA-E and VIT increase in rigor for levels greater than 1; pass/fail criteria for VIT reference applicable FSA-E requirements. CRT criteria are the same regardless of certification level. Figure 1 illustrates this concept.

Figure 1 - Evaluation Elements for  ISASecure EDSA Certification

ISASecure® EDSA Conformance Scheme Fees

Embedded Device Security Assurance (EDSA) Certification Scheme Description

Transition Policy

Initial Certification and Maintenance of Certification Policies and Criteria

Certification Requirements Specifications for EDSA (Five Assessment Categories SDLPA, SDA, FSA, CRT, VIT)

CRT Test Requirements for Protocols in EDSA Certification

Embedded Device Security Assurance (EDSA) - version 2.1.0

Effective 13 February 2018

*See ISASecure-115 for version transition details*

Scope

• Security Development Artifacts for embedded devices (SDA-E);
• Functional Security Assessment for embedded devices (FSA-E); and
• Embedded device robustness testing (ERT).

SDLPA and SDA-E both assess development process, hence are grouped under "Security Development Assessment" in Figure 1 below. SDA-E examines the artifacts that are the outputs of the supplier’s security development processes as they apply to the embedded device to be certified. FSA-E examines the security capabilities of the device, while recognizing that in some cases security functionality may be allocated to other components of the device’s overall system environment.

ERT has two major elements - Vulnerability Identification Testing (VIT) and Communication Robustness Testing (CRT).  VIT scans the device for the presence of known vulnerabilities. CRT examines the capability of the device to adequately maintain essential functions while being subjected to normal and erroneous network protocol traffic at normal to extremely high traffic rates (flood conditions).

The program offers three certification levels for a device, offering increasing levels of device security assurance. These certifications are called ISASecure EDSA Level 1, ISASecure EDSA Level 2, and ISASecure EDSA Level 3.

All levels of certification include the certification elements above. The SDLPA and SDA-S assessments are the same for all certification levels with the exception of allowable residual risk for known security issues. FSA-E and VIT increase in rigor for levels greater than 1; pass/fail criteria for VIT reference applicable FSA-E requirements. CRT criteria are the same regardless of certification level. Figure 1 illustrates this concept.

Figure 1 - Evaluation Elements for  ISASecure EDSA Certification

ISASecure® EDSA Conformance Scheme Fees

Embedded Device Security Assurance (EDSA) Certification Scheme Description

Lab Accreditation Requirements

Initial Certification and Maintenance of Certification Policies and Criteria

Certification Requirements Specifications for EDSA (Five Assessment Categories SDLPA, SDA, FSA, CRT, VIT)

CRT Test Requirements for Protocols in EDSA Certification

Embedded Device Security Assurance (EDSA) - version 2.0.0

(Valid until 2/13/2019)

Scope

The first ISASecure certification, Embedded Device Security Assurance (EDSA) focuses on the security of embedded devices and addresses device characteristics and supplier development practices for those devices.  The EDSA certification is designed to certify to international standards IEC 62443-4-1 Product Development Requirements and IEC 62443-4-2 Technical Security Requirements for IACS Components.

An embedded device that meets the requirements of the ISASecure EDSA specification earns theISASecure EDSA certification; a trademarked designation that provides instant recognition of product security characteristics and capabilities, and provides an independent industry stamp of approval similar to a ‘Safety Integrity Level’ Certification (ISO/IEC 61508). The ISASecure EDSAcertification offers three levels of recognition for a device, reflecting increasing levels of device security assurance. The levels include ISASecure Level 1 for Devices, ISASecure Level 2 for Devices, and ISASecure Level 3 for Devices. All levels of security certification granted under this program contain the following technical elements:
 

• Functional Security Assessment (FSA)
• Software Development Security Assessment (SDSA)
• Communication Robustness Testing (CRT)

FSA and SDSA evaluation requirements increase in rigor for levels 2 and 3 while CRT criteria are the same regardless of certification level. The ISASecure Embedded Device Security Assurance Certification brochure (see below), provides a description of the three technical certification elements, certification levels, and the certification program.

ISASecure® EDSA Conformance Scheme Definition Documents

There are five major categories of ISASecure EDSA program documents

• Technical specifications, shown in solid light blue, that describe the technical criteria applied to determine whether a device will be certified.
  
  NOTE ISASecure EDSA program development has followed and leveraged the parallel ISA99 standards effort underway for embedded device cyber security requirements. When the ISA-99.04.01 standard is completed, the ISASecure Embedded Device certification technical specifications will be updated to serve as a compliance program for that standard.

• Accreditation/recognition, shown in gold diagonal stripe, that describe how an organization can become a chartered laboratory or a tool supplier can obtain recognition for a CRT tool

• Symbol and certificates, shown in blue horizontal stripe, covers the topic of proper usage of the ISASecure symbol and certificate.

• Structure, shown in an orange brick pattern, used to describe and operate the overall program.

• External references, shown in solid dark grey, are documents that exist outside of this particular program that are referenced by ISASecure EDSA program documents.

• The ISASecure EDSA detailed formal specifications are listed in the table below and available for download.

ISASecure® EDSA Conformance Scheme Fees

Embedded Device Security Assurance (EDSA) Certification Scheme Description

Initial Certification and Maintenance of Certification Policies and Criteria

Certification Requirements Specifications for EDSA (Three Assessment Categories FSA, SDSA, CRT)

CRT Test Requirements for Protocols in EDSA Certification

Lab Accreditation Requirements