See Our Certifications and How They Help Reduce Risk in Your Industry

View Certifications

Contact Us Now

Test Tools

The ISASecure certification scheme includes artifact audits to verify the types of tests and results of tests that were performed by the supplier in their product development and release processes. 

CRT Testing

The ISA/IEC 62443-4-1 standard requires the product supplier to perform Communication Robustness Testing (CRT) as a normative requirement for compliance with the standard.  CRT testing ensures that a system is robust against network attacks.  The certification body does not independently repeat these tests as part of the product assessment during a certification engagement.

VIT Testing

The certification body does perform one type of test as part of their product assessment; this is Vulnerability Identification Testing (VIT) using the Tenable Nessus scanning tool.  This is a quick and inexpensive test. The purpose of Vulnerability Identification Testing (VIT) is to scan the device under test (DUT) with a commercially available tool to identify known vulnerabilities.  The device supplier must correct known vulnerabilities discovered during the VIT scan to meet the ISASecure product certification requirements. 

The ISASecure program uses the US-CERT National Vulnerability Database (NVDB) as the reference list for identifying known vulnerabilities, providing objectivity and transparency for the ISASecure assessment process.  Known vulnerabilities in the US-CERT NVDB are organized into globally accepted Common Weakness Enumeration (CWE) categories and the NVDB is updated on an on-going basis as new vulnerabilities are identified and verified. 

The VIT test is run when devices are evaluated for ISASecure certification; and the time and date of the scan is recorded.  This allows the suppliers and end-users to know which NVDB vulnerabilities were included in the scan. 

ISCI recommends that end-users require their suppliers to re-run the VIT during factory acceptance testing (FAT) and site acceptance testing (SAT).  These procurement steps ensure that new vulnerabilities that may have been discovered and added to the US-CERT NVDB during the time interval between the ISASecure certification VIT scan date and commissioning date are identified.

Information about the US-CERT NVDB may be found on the Unites States NIST website at:

Information about the CWE categories may be found on the US NIST website at:
Test Tools

Many test tools are available for both VIT testing and CRT testing.  A few of the tools are listed below. This list is not exhaustive and is intended only to be an example list of tools/suppliers; not an endorsement.

Synopsys, Inc.
185 Berry Street, Suite 6500
San Francisco, CA 94107 USA

US (800) 873-8193
International +1 (415) 321-5237

Contact: Chris Clark
Email   :
Url       :

1-2-1,Osaki Shinagawa-ku,Tokyo
141-8672 Japan



Beyond Security, Inc

2267 Lava Ridge Ct.

Roseville, CA 95661

Wurldtech Security Technologies
Suite 2000 - 1055 Dunsmuir St.
PO Box 49133
Vancouver, BC V7X 1J1 Canada
Phone: (604) 669-6674
Fax     : (604) 669-2902

email   :
url         : 

CNCERT/CC(National Computer Network Emergency Response Technical Team/Coordination Center of China)
Address: No. A3 Yumin Road, Chaoyang District, Beijing
Phone: 0086 10 82990212

Beijing Xinlian Kehui Technology Co., LTD
Address: Room 313, Building 2, No. 28 Zhenxing Road, Science Park Changping District, Beijing
Phone: 0086 10 85926718

Beijing Winicssec Technologies Co.Ltd.
Address: Room 901, Building F, Jiahua Building, Shangdi 3rd Street, Haidian District, Beijing, China
Tel:     4000-680-620


World Headquarters
Tenable Network Security
7021 Columbia Gateway Drive
Suite 5
Columbia, MD 21046
North America: +1 (410) 872-0555
LATAM: +1 (44
03) 545-2278

   EMEA Headquarters

Tenable Network Security
8 The Square
Stockley Park, Uxbridge
Middlesex, UB11 1FW
United Kingdom
+44 (0) 203-178-4247

   APAC Headquarters

Tenable Network Security
600 North Bridge Road
#09-06 Parkview Square
Singapore 188778