ISA Security Compliance Institute Publishes Embedded Device Security Assessment Specifications
Research Triangle Park, NC (27 April 2010) – The ISA Security Compliance Institute (ISCI) announced that it has posted two of three key elements of the ISASecure™ Embedded Device Security Assessment (EDSA) certification specification on its website: www.isasecure.org. ISASecure certification is intended to be used as a requirement in procurement documents. The ISASecure EDSA certification provides asset owners with security assurances to a defined level for embedded devices that meet the ISASecure EDSA certification requirements.
ISCI developed the ISASecure EDSA certification within the framework of the ISA99 Industrial Automation and Control Systems security standards. ISASecure EDSA comprises three elements: the Functional Security Assessment (FSA), the Software Development Security Assessment (SDSA), and the device Communication Robustness Testing (CRT). Details on each element are available on the ISCI website, www.isasecure.org.
The two elements that ISCI published to its website are the FSA and SDSA certification specifications. They are available for download in PDF format. Upon final approval, all of the ISASecure EDSA certification specifications will be available to the public on the ISCI website.
ISCI Members, seeking to benefit the larger industrial automation controls security community, donated the ISASecure specifications to the ISA99 Standards Committee for consideration in their standards development process. ISCI invites individuals and organizations who desire to provide feedback on the specifications to communicate directly with the ISA99 standards committee. This will enable their input to be vetted via an open-consensus ANSI Standards process. To provide feedback, visit www.isa.org/ISA99.
The ISASecure program is being established as a globally recognized IEC Guide 65 conformance scheme, with processes and requirements for accrediting organizations to provide certification services on behalf of ISCI and for recognizing tools authorized for use in CRT certification. Service organizations and test tool suppliers are encouraged to visit www.isasecure.org on 1 June
2010, when participation requirements will be posted.
Founded in 1945, The International Society of Automation (www.isa.org) is a leading, global, nonprofit organization that is setting the standard for automation by helping over 30,000 worldwide members and other professionals solve difficult technical problems, while enhancing their leadership and personal career capabilities. Based in Research Triangle Park, North Carolina, ISA develops standards; certifies industry professionals; provides education and training; publishes books and technical articles; and hosts conferences and exhibitions for automation professionals. ISA is the founding sponsor of The Automation Federation (www.automationfederation.org).
About the ISA Security Compliance Institute
Founded in 2007, the ISA Security Compliance Institute’s mission is to provide the highest level of assurance possible for the cyber security of industrial automation control systems.
The Institute was established by thought leaders from major organizations in the industrial automation controls community seeking to improve the cyber security posture of Critical Infrastructure for generations to come. Founding Members include Chevron, ExxonMobil Research and Engineering, Honeywell, Invensys, Siemens, and Yokogawa. Key Technical Members include Exida, Mu Dynamics, Rockwell Automation, and Wurldtech Security Technologies.
The Institute’s goals are realized through industry standards compliance programs, education, technical support, and improvements in suppliers’ development processes and users’ lifecycle management practices. The Institute’s ISASecure designation ensures that industrial automation control products conform to industry consensus cyber security standards, providing confidence to users of ISASecure products and systems and creating product differentiation for suppliers conforming to the ISASecure specification. www.isasecure.org