See Our Certifications and How They Help Reduce Risk in Your Industry

View Certified Components

Contact Us Now

Test Tools

The ISASecure certification scheme includes product testing as part of the overall product assessment process.  Vulnerability Identification Testing (VIT) and Communication Robustness Testing (CRT) / System Robustness Testing (SRT) are the two broad categories of product testing performed today.

The ISA Security Compliance Institute operates a structured Communication Robustness Testing (CRT) tool recognition program to identify CRT tools acceptable for use by certification bodies (CB) in ISASecure certification programs.  The CRT tools must be capable of supporting published ISASecure cybersecurity certification test requirements.  CRT tool recognition requirements and ISASecure product certification test requirements are described in ISASecure specifications, available for download on this website.

CRT and SRT Testing

CRT and SRT testing ensures that devices and systems meeting ISASecure certification requirements are robust against network attacks.

CRT test tools that have been recognized by ISCI are the only tools that may be used by ISCI accredited labs (CB) during the CRT testing and System Robustness Testing (SRT) portions of the ISASecure EDSA and SSA certifications.

IEC 62443 product security development practices require suppliers to use CRT test tools during the internal product development and testing lifecycle phases to identify and correct network based security vulnerabilities.  While not required, using recognized CRT tools during the development process can aid suppliers in preparing for the formal ISASecure certifications.

CRT and SRT Test Tools

A list of ISCI Recognized CRT and SRT test tools can be found using the link below.  ISCI is in constant contact with cybersecurity test tool suppliers and new CRT and SRT test tools will be added in the future.

Listing of ISCI Recognized CRT Test Tools

Vulnerability Identification Testing

The purpose of Vulnerability Identification Testing (VIT) is to scan the device under test (DUT) with a commercially available tool to identify known vulnerabilities.  The device supplier must correct known vulnerabilities discovered during the VIT scan to meet the ISASecure product certification requirements. 

The ISASecure program uses the US-CERT National Vulnerability Database (NVDB) as the reference list for identifying known vulnerabilities, providing objectivity and transparency for the ISASecure assessment process.  Known vulnerabilities in the US-CERT NVDB are organized into globally accepted Common Weakness Enumeration (CWE) categories and the NVDB is updated on an on-going basis as new vulnerabilities are identified and verified. 

The VIT test is run when devices are evaluated for ISASecure certification and the time and date of the scan is recorded.  This allows the suppliers and end-users to know which NVDB vulnerabilities were included in the scan. 

ISCI recommends that end-users require their suppliers to re-run the VIT during factory acceptance testing (FAT) and site acceptance testing (SAT).  These procurement steps ensure that new vulnerabilities that may have been discovered and added to the US-CERT NVDB during the time interval between the ISASecure certification VIT scan date and commissioning date are identified.

Information about the US-CERT NVDB may be found on the Unites States NIST website at:

Information about the CWE categories may be found on the US NIST website at:
VIT Test Tools

ISCI evaluates commercially available VIT test tools and recognizes them for use by ISASecure CB’s for formal product testing and certification.  VIT tools are selected based upon several factors including but not limited to; broad availability/support, industry acceptance, and, tight linkages with the US-CERT NVDB. 

A list of ISCI Recognized VIT test tools can be found using this link:

Listing of ISCI recognized Vulnerability Identification Testing Tools

For Cybersecurity CRT Test Tool Suppliers – How to Get Your CRT Test Tool Recognized

Companies wishing to include their CRT test tool in the ISASecure certification scheme must submit their tools to ISCI for evaluation. Click on the link below for a description of the submittal process.

ISCI CRT Test Tool Recognition Process

Test Tool Providers

Synopsys, Inc.
185 Berry Street, Suite 6500
San Francisco, CA 94107 USA

US (800) 873-8193
International +1 (415) 321-5237

Contact: Chris Clark
Email   :
Url       :

1-2-1,Osaki Shinagawa-ku,Tokyo
141-8672 Japan


19925 Stevens Creek Blvd.
Cupertino, CA 95014

Links to Global Offices / Contact Information

Wurldtech Security Technologies
Suite 2000 - 1055 Dunsmuir St.
PO Box 49133
Vancouver, BC V7X 1J1 Canada
Phone: (604) 669-6674
Fax     : (604) 669-2902

email   :
url         : 

CNCERT/CC(National Computer Network Emergency Response Technical Team/Coordination Center of China)
Address: No. A3 Yumin Road, Chaoyang District, Beijing
Phone: 0086 10 82990212

Beijing Xinlian Kehui Technology Co., LTD
Address: Room 313, Building 2, No. 28 Zhenxing Road, Science Park Changping District, Beijing
Phone: 0086 10 85926718

Beijing Winicssec Technologies Co.Ltd.
Address: Room 901, Building F, Jiahua Building, Shangdi 3rd Street, Haidian District, Beijing, China
Tel:     4000-680-620


World Headquarters
Tenable Network Security
7021 Columbia Gateway Drive
Suite 5
Columbia, MD 21046
North America: +1 (410) 872-0555
LATAM: +1 (44
03) 545-2278

   EMEA Headquarters

Tenable Network Security
8 The Square
Stockley Park, Uxbridge
Middlesex, UB11 1FW
United Kingdom
+44 (0) 203-178-4247

   APAC Headquarters

Tenable Network Security
600 North Bridge Road
#09-06 Parkview Square
Singapore 188778