ISA Security Compliance Institute Publishes Test Lab and Test Tool Requirements

Research Triangle Park, NC (09 June 2010) – The ISA Security Compliance Institute (ISCI) has posted the recently approved ISASecure™ EDSA-200 Chartered Laboratory Operations and Accreditation specification and EDSA-201 Recognition Process for Communication Robustness Testing (CRT) Tools specification to the www.isasecure.org website.

The Lab Accreditation and Test Tool Recognition Requirements form a key element of the overall ISASecure Embedded Device Security Assurance (EDSA) certification program. These documents provide detailed information to organizations that want to submit test tools for inclusion in the ISASecure EDSA certification program and/or become an ISASecure Chartered Lab. As an operational strategy, ISCI does not plan to build test laboratories or test tools. Instead, ISCI has established and will maintain the requirements and specifications for the ISASecure program.

ISCI also posted the EDSA-100 Certification Scheme document to the www.isasecure.org website. This top-level document summarizes the overall ISASecure EDSA Certification program and provides the context for the test tool recognition and chartered laboratory requirements documents. Requirements for achieving the ISASecure EDSA certification for an embedded device are described in EDSA-300 ISASecure Certification Requirements, also posted on the www.isasecure.org website.

ISASecure EDSA certification program specifications can be downloaded from the “Certification Program” page of the www.isasecure.org website or accessed via the “View ISASecure Specifications” link in the blue block on the home page.

ISCI constructed the ISASecure EDSA certification as an ISO/IEC Guide 65 conformance scheme to facilitate global adoption of and participation in the ISASecure EDSA certification program. ”We are striving to establish a globally recognized Industrial Automation Control Systems security certification, intended to grow and improve within a structured paradigm. The ISO/IEC Guide 65 conformance scheme provides structured, deliberate processes for launching the ISASecure program and for expanding the scope of the ISASecure certifications,” explains Andre Ristaino, ASCI managing director.

The ISASecure certification was developed based on the ISA99 Industrial Automation and Control Systems Security standards and other relevant standards such as IEC. Visit the ISA99 Committee website (www.isa.org/ISA99) for details on the approved standard, the ISA99 roadmap, and relevant presentations.

About the ISA Security Compliance Institute
Founded in 2007, the ISA Security Compliance Institute’s mission is to provide the highest level of assurance possible for the cyber security of industrial automation control systems.

The Institute was established by thought leaders from major organizations in the industrial automation controls community seeking to improve the cyber security posture of Critical Infrastructure for generations to come. Founding Members include Chevron, ExxonMobil Research and Engineering, Honeywell, Invensys, Siemens, and Yokogawa. Key Technical Members include Exida, Mu Dynamics, and Rockwell Automation.

The Institute’s goals are realized through industry standards compliance programs, education, technical support and, improvements in suppliers’ development processes and users’ life cycle management practices. The Institute’s ISASecure™ designation ensures that industrial automation control products conform to industry consensus cyber security standards, providing confidence to users of ISASecure™ products and systems and creating product differentiation for suppliers conforming to the ISASecure™ specification. www.isasecure.org