Japan’s Information-technology Promotion Agency Adopts ISASecure as a Component of Japan’s Critical Infrastructure Protection Scheme
Research Triangle Park, NC (10 September 2012) – The Japan Information- technology Promotion Agency (IPA) entered into a formal collaboration agreement with the ISA Security Compliance Institute (ISCI) to facilitate adoption of the ISASecure™ industrial automation controls (IAC) certification program as a component of Japan’s initiative to secure critical infrastructure.
As part of the agreement, the IPA is translating the published ISASecure certification program specification into Japanese and will maintain future updates to the Japanese language ISASecure specification. The translated ISASecure specification will be posted to a Japanese language section of the www.isasecure.org website for use by stakeholders in the Japanese IAC cyber security community. Adoption of the ISASecure certification scheme by Japan IPA expands the ISCI stakeholder community from suppliers and asset owners to government entities.
The ISASecure Embedded Device Security Assurance (EDSA) certification is the first ISCI security certification to be translated as part of the collaboration agreement between IPA and ISCI. Additional ISASecure certifications developed by ISCI will be translated by the IPA when they become available.
The IPA joined ISCI as a Government member in July 2012 to participate in the specification development of future ISASecure certification offerings including the System Security Assurance (SSA) certification planned for launch at the end of 2012. The SSA certification expands the scope of ISASecure certifications beyond embedded devices and will include entire control systems such as DCS and SCADA systems.
“We welcome the support and input from IPA and their team of distinguished IAC cyber security professionals,” said Andre Ristaino, managing director of ISCI “and look forward to supporting IPA’s initiatives for securing Japan’s critical infrastructure.”
To provide local support for ISASecure certification activity, the IPA is facilitating the establishment of ISO/IEC accredited ISASecure certification testing facilities in Japan.
“With ISCI, we are going to accelerate our global certification and make a contribution to the establishment and improvement of the secure society as well as of secure Japan,” said Kobayashi Hideaki, laboratory director of IPA security center.
ISASecure certification specifications are based on international standards such as ISO/IEC 15408, ISO/IEC 2700x, ISA99 / IEC 62443 and industry accepted cyber security practices for IAC systems development and integration methodologies with the intent to establish a single, globally recognized certification.
About the Information-technology Promotion Agency
IPA is established to undertake matters deemed essential to the interest of the general public, including ensuring stability in people’s lives, society and the economy. IPA activities are aimed at fulfilling three missions: 1) Assuring the security and reliability of social IT services and systems 2) Strengthening international competitiveness 3) Cultivating highly skilled world-class IT human resources. www.ipa.go.jp
About ISASecure EDSA Certification
The ISASecure program has been developed by the ISA Security Compliance Institute (ISCI) with a goal to accelerate industry-wide improvement of cybersecurity for Industrial Automation and Control Systems (IACS). It achieves this goal by offering a common industry-recognized set of device and process requirements that drive device
security, simplifying procurement for asset owners and device assurance for equipment vendors.
ISASecure Embedded Device Security Assurance Certification (ISASecure EDSA), the first ISASecure certification, focuses on security of embedded devices and addresses device characteristics and supplier development practices for those devices. Through this certification, an embedded device that meets the requirements of the ISASecure specifications receives the ISASecure EDSA certification—a trademarked designation that provides instant recognition of product security characteristics and capabilities. ISASecure EDSA offers three certification levels for a device based on increasing levels of device security assurance: ISASecure Level 1 for Devices, ISASecure Level 2 for Devices, and ISASecure Level 3 for Devices.
The ISASecure EDSA certification is an ISO/IEC Guide 65 conformance scheme supporting ISCI’s goal to operate a globally recognized industrial automation controls cybersecurity certification program. This third-party accreditation by ANSI/ACLASS enhances the credibility and value of the ISASecure certification by attesting to the competence and qualification of ISCI certification bodies and laboratories. Visit www.ansi.org/isasecure for details on the ISASecure ANSI/ACLASS accreditation process.
About the ISA Security Compliance Institute
Founded in 2007, the ISA Security Compliance Institute’s mission is to provide the highest level of assurance possible for the cyber security of industrial automation control systems.
The Institute was established by thought leaders from major organizations in the industrial automation controls community seeking to improve the cyber security posture of Critical Infrastructure for generations to come. Founding Members include Chevron, ExxonMobil Research and Engineering, Honeywell, Invensys, Siemens, and Yokogawa. Key Technical Members include exida and RTP Corp.
The Institute’s goals are realized through industry standards compliance programs, education, technical support, and improvements in suppliers’ development processes and users’ life cycle management practices. The Institute’s ISASecure™ designation ensures that industrial automation control products conform to industry consensus cyber security standards, providing confidence to users of ISASecure™ products and systems and creating product differentiation for suppliers conforming to the ISASecure™ specification. www.isasecure.org.
ISASecure EDSA Certification is a trademark of the ISA Security Compliance Institute.