See Our Certifications and How They Help Reduce Risk in Your Industry

View Certified Devices

Contact Us Now

IEC 62443 - CSA Certification

Component Security Assurance (CSA) - version 1.0.0

Effective 28 August 2019

*See ISASecure-117 for version transition details*


Scope


The ISASecure certification program Component Security Assurance (CSA) focuses on the security of software applications, embedded devices, host devices, and network devices. These are the component types used to build control systems, defined by the standard IEC 62443-4-2 Security for industrial automation and control systems Part 4-2: Technical security requirements for IACS components. CSA addresses component characteristics and supplier development practices for those components.  The CSA certification is designed to certify to international standards IEC 62443-4-2 and IEC 62443-4-1 Security for industrial automation and control systems Part 4-1: Secure product development requirements.

A component that meets the requirements of the ISASecure CSA specification earns the ISASecure CSA certification; a trademarked designation that provides instant recognition of product security characteristics and capabilities, and provides an independent industry stamp of approval similar to a ‘Safety Integrity Level’ Certification (ISO/IEC 61508). 

ISASecure CSA is a certification program for control system components, where a product is considered to be a component if it satisfies one or more of the definitions in IEC 62443-4-2:

software application one or more software programs and their dependencies that are used to interface with the process or the control system itself (for example, configuration software and historian)

embedded device special purpose device running embedded software designed to directly monitor, control or actuate an industrial process

host device general purpose device running an operating system (for example Microsoft Windows OS or Linux) capable of hosting one or more software applications, data stores or functions from one or more suppliers

network device device that facilitates data flow between devices, or restricts the flow of data, but may not directly interact with a control process

The release of ISASecure CSA 1.0.0 subsumes the former ISASecure EDSA certification program for embedded devices. CSA defines certification criteria for embedded devices as well as for the other three component types defined in IEC 62443-4-2.

·      The elements of a CSA certification are illustrated in Figure 1 below.

In order to obtain ISASecure CSA certification, a supplier must pass a security development lifecycle process assessment for component development (SDLPA-C).  Based upon this assessment, an ISASecure SDLA process certification is granted as described in SDLA-100. A supplier may already hold an SDLA process certification when they apply for an CSA certification, or may apply for CSA and SDLA certification in parallel. ISASecure certification of components has three additional elements:

·         Security Development Artifacts for components (SDA-C);
·         Functional Security Assessment for components (FSA-C); and
·         Vulnerability Identification testing for components (VIT-C).


SDLPA-C and SDA-C both assess development process. SDA-C examines the artifacts that are the outputs of the supplier’s development lifecycle processes as they apply to the component to be certified. FSA-C examines the security capabilities of the component, while recognizing in accordance with IEC 62443-4-2 that requirements for security functionality differ by component type. VIT scans the component for the presence of known vulnerabilities.

The CSA program defines four certification levels for a component, offering increasing levels of security assurance. Levels offered are capability security levels 1, 2, 3, and 4. A product that achieves certification to CSA capability security level n is certified to meet requirements for capability security level n as defined in IEC 62443-4-2, which includes a requirement for compliance to IEC 62443-4-1. A CSA certification earned by a particular product will indicate the applicable component type(s) and level, and thus be expressed for example, as ISASecure CSA Capability Level 3 (Software Application) or ISASecure CSA Capability Security Level 2 (Embedded Device, Network Device).

All levels of certification include the certification elements defined in Figure 1. SDLPA-C does not have an associated level. SDA-C and VIT-C assessments are the same for all certification levels with the exception of allowable residual risk for known security issues.  FSA-C incorporates more requirements at higher levels, aligned with the requirements assigned to each capability security level in IEC 62443-4-2. 




Figure 1 - Evaluation Elements for  ISASecure CSA Certification
 

Component Security Assurance (CSA) Certification Scheme Description

CSA-100 ISASecure Certification Scheme View / Download PDF    

Transition Policy

ISASecure-117 Transition to CSA 1.0.0 and SSA .0.0                                                                         View / Download PDF

Initial Certification and Maintenance of Certification Policies and Criteria

   
CSA-204 Use of Symbols and Certificates View / Download PDF    
CSA-300 ISASecure Certification Requirements View / Download PDF    
CSA-301 Maintenance of ISASecure Certification View / Download PDF    

Certification Requirements Specifications for CSA (Four Assessment Categories SDLPA, SDA, FSA, VIT)

   
CSA-311 Functional Security Assessment for Components View / Download PDF    
CSA-312 Security Development Artifacts for Embedded Devices View / Download PDF    
SSA-420 Vulnerability Identification Test (VIT) Specification View / Download PDF    
SDLA-312 Security Development Lifecycle Assessment View / Download PDF    
SDLA-100 ISASecure Certification Scheme View / Download PDF    

ISASecure® EDSA Conformance Scheme Fees

 
CSA Certification Registration Fee (Annual Fee) $1,200

Embedded Device Security Assurance (EDSA) - version 3.0.0

Effective 10 October 2018

*See ISASecure-116 for version transition details*


Scope


The first ISASecure certification, Embedded Device Security Assurance (EDSA) focuses on the security of embedded devices and addresses device characteristics and supplier development practices for those devices.  The EDSA certification is designed to certify to international standard IEC 62443-4-1 Security for industrial automation and control systems Part 4-1: Secure product development requirements and to the international standard IEC 62443-4-2 Security for industrial automation and control systems Part 4-2: Technical security requirements for IACS components.

An embedded device that meets the requirements of the ISASecure EDSA specification earns the ISASecure EDSA certification; a trademarked designation that provides instant recognition of product security characteristics and capabilities, and provides an independent industry stamp of approval similar to a ‘Safety Integrity Level’ Certification (ISO/IEC 61508). 

ISASecure EDSA is a certification program for embedded devices, where a product is considered to be an embedded device if it satisfies the definition provided in 3.1.18 of EDSA-100.   (Embedded device: special purpose device running embedded software designed to directly monitor, control or actuate an industrial process). The elements of an EDSA certification are illustrated in Figure 1 below.

In order to obtain ISASecure EDSA certification, a supplier must pass a security development lifecycle process assessment (SDLPA).  Based upon this assessment, an ISASecure SDLA process certification is granted as described in SDLA-100. A supplier may already hold an SDLA process certification when they apply for an EDSA certification, or may apply for EDSA and SDLA certification in parallel. ISASecure certification of embedded devices has three additional elements:

·         Security Development Artifacts for embedded devices (SDA-E);
·         Functional Security Assessment for embedded devices (FSA-E); and
·         Embedded device robustness testing (ERT).

SDLPA and SDA-E both assess development process, hence are grouped under "Security Development Assessment" in Figure 1 below. SDA-E examines the artifacts that are the outputs of the supplier’s security development processes as they apply to the embedded device to be certified. FSA-E examines the security capabilities of the device, while recognizing in accordance with ANSI/ISA- 62443-4-2 that in some cases requirements for security functionality may be met by integrating the device into a system.


ERT has two major elements - Vulnerability Identification Testing (VIT) and Communication Robustness Testing (CRT).  VIT scans the device for the presence of known vulnerabilities. CRT examines the capability of the device to adequately maintain essential functions while being subjected to normal and erroneous network protocol traffic at normal to extremely high traffic rates (flood conditions).

The program offers four certification levels for a device, offering increasing levels of device security assurance. These certifications are called ISASecure EDSA Level 1, ISASecure EDSA Level 2, ISASecure EDSA Level 3, and ISASecure EDSA Level 4.

All levels of certification include the certification elements above. The SDLPA and SDA-S assessments are the same for all certification levels with the exception of allowable residual risk for known security issues. FSA-E and VIT increase in rigor for levels greater than 1; pass/fail criteria for VIT reference applicable FSA-E requirements. CRT criteria are the same regardless of certification level. Figure 1 illustrates this concept.


Figure 1 - Evaluation Elements for  ISASecure EDSA Certification
 

Embedded Device Security Assurance (EDSA) Certification Scheme Description

EDSA-100 ISASecure Certification Scheme View / Download PDF    
EDSA-102-Errata View / Download PDF    

Transition Policy

ISASecure-116 Transition to EDSA 3.0.0 and SSA 3.0.0                                                                         View / Download PDF

Initial Certification and Maintenance of Certification Policies and Criteria

   
EDSA-300 ISASecure Certification Requirements View / Download PDF    
EDSA-301 Maintenance of ISASecure Certification View / Download PDF    

Certification Requirements Specifications for EDSA (Five Assessment Categories SDLPA, SDA, FSA, CRT, VIT)

   
CSA-311 Functional Security Assessment for Components View / Download PDF    
EDSA-312 Security Development Artifacts for Embedded Devices View / Download PDF    
EDSA-310 Requirements for Embedded Device Robustness Testing View / Download PDF    
SSA-420 Vulnerability Identification Test (VIT) Policy Specification View / Download PDF    
SDLA-312 Security Development Lifecycle Assessment View / Download PDF    
SDLA-100 ISASecure Certification Scheme View / Download PDF    

CRT Test Requirements for Protocols in EDSA Certification

     
EDSA-401 Ethernet robustness test specification View / Download PDF    
EDSA-402 ARP robustness test specification View / Download PDF    
EDSA-403 IPv4 robustness test specification View / Download PDF    
EDSA-404 ICMPv4 robustness test specification View / Download PDF    
EDSA-405 UDP robustness test specification View / Download PDF    
EDSA-406 TCP robustness test specification View / Download PDF    

ISASecure® EDSA Conformance Scheme Fees

 
EDSA Certification Registration Fee (Annual Fee) $1,200

Embedded Device Security Assurance (EDSA) - version 2.1.0

Effective 13 February 2018

*See ISASecure-115 for version transition details*


Scope


The first ISASecure certification, Embedded Device Security Assurance (EDSA) focuses on the security of embedded devices and addresses device characteristics and supplier development practices for those devices.  The EDSA certification is designed to certify to international standard IEC 62443-4-1 Security for industrial automation and control systems Part 4-1: Secure product development requirements and to the international standard IEC 62443-4-2 Security for industrial automation and control systems Part 4-2: Technical security requirements for IACS components once that standard is approved.

An embedded device that meets the requirements of the ISASecure EDSA specification earns the ISASecure EDSA certification; a trademarked designation that provides instant recognition of product security characteristics and capabilities, and provides an independent industry stamp of approval similar to a ‘Safety Integrity Level’ Certification (ISO/IEC 61508). 

ISASecure EDSA is a certification program for embedded devices, where a product is considered to be an embedded device if it satisfies the definition provided in 3.1.18 of EDSA-100.   (Embedded device: special purpose device running embedded software designed to directly monitor, control or actuate an industrial process). The elements of an EDSA certification are illustrated in Figure 1 below.

In order to obtain ISASecure EDSA certification, a supplier must pass a security development lifecycle process assessment (SDLPA).  Based upon this assessment, an ISASecure SDLA process certification is granted as described in SDLA-100. A supplier may already hold an SDLA process certification when they apply for an EDSA certification, or may apply for EDSA and SDLA certification in parallel. ISASecure certification of embedded devices has three additional elements:

·         Security Development Artifacts for embedded devices (SDA-E);
·         Functional Security Assessment for embedded devices (FSA-E); and
·         Embedded device robustness testing (ERT).

SDLPA and SDA-E both assess development process, hence are grouped under "Security Development Assessment" in Figure 1 below. SDA-E examines the artifacts that are the outputs of the supplier’s security development processes as they apply to the embedded device to be certified. FSA-E examines the security capabilities of the device, while recognizing that in some cases security functionality may be allocated to other components of the device’s overall system environment.

ERT has two major elements - Vulnerability Identification Testing (VIT) and Communication Robustness Testing (CRT).  VIT scans the device for the presence of known vulnerabilities. CRT examines the capability of the device to adequately maintain essential functions while being subjected to normal and erroneous network protocol traffic at normal to extremely high traffic rates (flood conditions).

The program offers three certification levels for a device, offering increasing levels of device security assurance. These certifications are called ISASecure EDSA Level 1, ISASecure EDSA Level 2, and ISASecure EDSA Level 3.

All levels of certification include the certification elements above. The SDLPA and SDA-S assessments are the same for all certification levels with the exception of allowable residual risk for known security issues. FSA-E and VIT increase in rigor for levels greater than 1; pass/fail criteria for VIT reference applicable FSA-E requirements. CRT criteria are the same regardless of certification level. Figure 1 illustrates this concept.


Figure 1 - Evaluation Elements for  ISASecure EDSA Certification
 

Embedded Device Security Assurance (EDSA) Certification Scheme Description

EDSA-100 ISASecure Certification Scheme View / Download PDF    
EDSA-102-Errata View / Download PDF    

Lab Accreditation Requirements

ISASecure-115 Transition to SDLA 2.0.0, EDSA 2.1.0 and SSA 2.1.0                                                                         View / Download PDF

Initial Certification and Maintenance of Certification Policies and Criteria

   
EDSA-300 ISASecure Certification Requirements View / Download PDF    
EDSA-301 Maintenance of ISASecure Certification View / Download PDF    

Certification Requirements Specifications for EDSA (Five Assessment Categories SDLPA, SDA, FSA, CRT, VIT)

   
EDSA-311 Functional Security Assessment (FSA) View / Download PDF    
EDSA-312 Security Development Artifacts for Embedded Devices View / Download PDF    
EDSA-310 Requirements for Embedded Device Robustness Testing View / Download PDF    
SSA-420 Vulnerability Identification Test (VIT) Policy Specification View / Download PDF    
SDLA-312 Security Development Lifecycle Assessment View / Download PDF    
SDLA-100 ISASecure Certification Scheme View / Download PDF    

CRT Test Requirements for Protocols in EDSA Certification

     
EDSA-401 Ethernet robustness test specification View / Download PDF    
EDSA-402 ARP robustness test specification View / Download PDF    
EDSA-403 IPv4 robustness test specification View / Download PDF    
EDSA-404 ICMPv4 robustness test specification View / Download PDF    
EDSA-405 UDP robustness test specification View / Download PDF    
EDSA-406 TCP robustness test specification View / Download PDF    

ISASecure® EDSA Conformance Scheme Fees

 
EDSA Certification Registration Fee (Annual Fee) $1,200

Embedded Device Security Assurance (EDSA) - version 2.0.0

(Valid until 2/13/2019)

Scope

The first ISASecure certification, Embedded Device Security Assurance (EDSA) focuses on the security of embedded devices and addresses device characteristics and supplier development practices for those devices.  The EDSA certification is designed to certify to international standards IEC 62443-4-1 Product Development Requirements and IEC 62443-4-2 Technical Security Requirements for IACS Components.

An embedded device that meets the requirements of the ISASecure EDSA specification earns theISASecure EDSA certification; a trademarked designation that provides instant recognition of product security characteristics and capabilities, and provides an independent industry stamp of approval similar to a ‘Safety Integrity Level’ Certification (ISO/IEC 61508). The ISASecure EDSAcertification offers three levels of recognition for a device, reflecting increasing levels of device security assurance. The levels include ISASecure Level 1 for Devices, ISASecure Level 2 for Devices, and ISASecure Level 3 for Devices. All levels of security certification granted under this program contain the following technical elements:
 
  • Functional Security Assessment (FSA)
  • Software Development Security Assessment (SDSA)
  • Communication Robustness Testing (CRT)



FSA and SDSA evaluation requirements increase in rigor for levels 2 and 3 while CRT criteria are the same regardless of certification level. The ISASecure Embedded Device Security Assurance Certification brochure (see below), provides a description of the three technical certification elements, certification levels, and the certification program.

ISASecure® EDSA Conformance Scheme Definition Documents

There are five major categories of ISASecure EDSA program documents:
 
  • Technical specifications, shown in solid light blue, that describe the technical criteria applied to determine whether a device will be certified.

    NOTE ISASecure EDSA program development has followed and leveraged the parallel ISA99 standards effort underway for embedded device cyber security requirements. When the ISA-99.04.01 standard is completed, the ISASecure Embedded Device certification technical specifications will be updated to serve as a compliance program for that standard.
  • Accreditation/recognition, shown in gold diagonal stripe, that describe how an organization can become a chartered laboratory or a tool supplier can obtain recognition for a CRT tool
  • Symbol and certificates, shown in blue horizontal stripe, covers the topic of proper usage of the ISASecure symbol and certificate.
  • Structure, shown in an orange brick pattern, used to describe and operate the overall program.
  • External references, shown in solid dark grey, are documents that exist outside of this particular program that are referenced by ISASecure EDSA program documents.
  • The ISASecure EDSA detailed formal specifications are listed in the table below and available for download.

 

Embedded Device Security Assurance (EDSA) Certification Scheme Description

EDSA-100 ISASecure Certification Scheme View / Download PDF
EDSA-102-Errata View / Download PDF
 

Initial Certification and Maintenance of Certification Policies and Criteria

EDSA-300 ISASecure Certification Requirements View / Download PDF
EDSA-301 Maintenance of ISASecure Certification View / Download PDF
 

Certification Requirements Specifications for EDSA (Three Assessment Categories FSA, SDSA, CRT)

EDSA-311 Functional Security Assessment (FSA) View / Download PDF
EDSA-312 Security Development Artifacts for Embedded Devices View / Download PDF
EDSA-310 Requirements for Embedded Device Robustness Testing View / Download PDF
SSA-420 Vulnerability Identification Test (VIT) Policy Specification View / Download PDF

CRT Test Requirements for Protocols in EDSA Certification

 
EDSA-401 Ethernet robustness test specification View / Download PDF
EDSA-402 ARP robustness test specification View / Download PDF
EDSA-403 IPv4 robustness test specification View / Download PDF
EDSA-404 ICMPv4 robustness test specification View / Download PDF
EDSA-405 UDP robustness test specification View / Download PDF
EDSA-406 TCP robustness test specification View / Download PDF

Lab Accreditation Requirements

ISASecure-112 Transition to EDSA 2.0.0 and SSA 2.0.0                                                                                                 View / Download PDF

ISASecure® EDSA Conformance Scheme Fees

 
EDSA Certification Registration Fee - Member (billed when passed) $7,500
EDSA Certification Registration Maintenance Fee - Member (billed when passed) $2,500
EDSA Certification Registration Fee - non-Member (billed when passed) $12,500
EDSA Certification Registration Maintenance Fee - non-Member (billed when passed) $3,000