OPAF partners with ISA to use ISASecure® specifications for assessing O-PAS™ components to ISA/IEC 62443 cybersecurity standards

Research Triangle Park, North Carolina, USA (27 June 2019) – ISA, a global professional society comprised of automation engineers and technicians, has entered into an agreement with The Open Group Open Process Automation™ Forum (OPAF) to facilitate cybersecurity testing of prototype O-PAS™ compliant components. The agreement licenses the ISASecure® certification specifications for use by OPAF as the basis for conducting assessments and issuing reports.
 
The ISASecure cybersecurity certification scheme certifies to the internationally adopted series of industrial cybersecurity standards, ISA/IEC 62443.
 
The ISASecure certification independently certifies that automation, control systems and IOT devices are free of known vulnerabilities, robust against network attacks, and meet the security capabilities defined in the ISA/IEC 62443 standards.
 
Under this arrangement prototype O-PAS components will receive assessment reports based on the ISASecure conformance specifications. Exida, the first ISASecure ISO 17065 accredited certification body, will conduct the O-PAS cybersecurity assessments via a special arrangement with the ISASecure program.
 
When market-ready O-PAS components become available they can be submitted for certification testing to any one of the ISASecure ISO 17065 accredited certification bodies and receive globally recognized ISASecure certificates of conformance to the ISA/IEC 62443 standards.
 
“ISASecure is well known and thoroughly vetted by many current members of OPAF,” stated Ed Harrington, forum director of The Open Process Automation™ Forum. “This arrangement is a natural fit for our prototype phase of the O-PAS program and when O-PAS is a commercial reality.”
 
The ISASecure cybersecurity certification is designed to help the industry navigate the ever-changing digital landscape and recognize products with enhanced cybersecurity measures.
 
“ISA developed the ISASecure cybersecurity certification to provide asset owners assurances of cybersecurity in their automation and control systems and to promote supplier best practices that protect automation systems and the operations they control,” said Andre Ristaino, ISA managing director. “This collaboration with OPAF is another ISASecure initiative for improving the security of automation that affects our everyday lives.”
 
The O-PAS Standard, Version 1.0 can be downloaded at: https://publications.opengroup.org/p190
 
For more information on the certification, visit www.isasecure.org

About The Open Group
The Open Group is a global consortium that enables the achievement of business objectives through technology standards. Our diverse membership of more than 675 organizations includes customers, systems and solutions suppliers, tool vendors, integrators, academics, and consultants across multiple industries. Further information on The Open Group can be found at www.opengroup.org.
 
About The Open Group Open Process Automation™ Forum (OPAF)
The Forum focuses on developing a standards-based, open, secure, interoperable process control architecture. OPAF is a consensus-based group of end users, suppliers, system integrators, standards organizations, and academia. It addresses both technical and business issues for process automation.  For more info, please visit https://www.opengroup.org/forum/open-process-automation-forum.
 
About the ISA Security Compliance Institute (ISCI)
Founded in 2007, the ISA Security Compliance Institute’s mission is to provide the highest level of assurance possible for the cyber security of automation and control systems (ACS).
 
The Institute was established by thought leaders from major organizations in the industrial automation controls community seeking to improve the cyber security posture of Critical Infrastructure for generations to come.
 
The Institute’s goals are realized through industry standards compliance programs, education, technical support, and improvements in suppliers’ development processes and users’ life cycle management practices. The ISASecure^® designation independently confirms that control system products conform to the ISA/IEC 62443 cyber security standards, providing confidence to users of ISASecure certified products and systems and creating product differentiation for suppliers achieving the ISASecure designation.