Industry IoT Consortium and International Society of Automation Update IoT Security Maturity Model
Aug. 9, 2023 – The Industry IoT Consortium (IIC) and the International Society of Automation updated the IoT Security Maturity Model (SMM): ISA/IEC 62443 Mappings for Asset Owners and Product Suppliers and Service Suppliers. The updates consider significant updates to the 62443-2-1 standard for industrial automation and control systems (IACS) security programs.
ISA/IEC 62443-2-1 removes material on the information security management program (ISMS), allowing stakeholders to rely on ISO/IEC 27001 for the information security program and ISO/IEC 27002 for related controls. ISA/IEC 62443-2-1 retains OT-specific requirements for security programs.
Correspondingly, the SMM mappings add a new section of SMM practice mappings to Edition 2 of ISA/IEC 62443-2-1 and relevant ISO/IEC 27001 and 27002 requirements. The SMM: ISA/IEC 62443 Mappings for Asset Owners, Product Suppliers, and Service Suppliers retains Edition 1 mappings and other corrections and clarifications.
“Together with IoT SMM industry profiles, the mappings are a powerful tool to allow organizations to identify what they need to accomplish within their industries and when deploying certain types of solutions, such as digital twins,” said Ron Zahavi, CEO, Auron Technologies, and one of the SMM authors.
“This new guidance extends the previously published IoT Security Maturity Model (SMM): ISA/IEC62443 Mappings for Asset Owners, Product Suppliers, and Service Suppliers by incorporating updates to the 62443-2-1 standard, thus giving practical guidance to practitioners who wish to improve their security maturity,” said Frederick Hirsch, co-chair of the joint IIC-ISA SMM group and co-author of the paper. “The updated IoT SMM document extends the guidance of the IoT Security Maturity Model and its profiles so that once maturity level targets and assessments are understood, organizations may use the current ISA/IEC 62443 guidance to help achieve maturity targets.”
“It’s not about adding more security but about implementing the appropriate security measures,” said Pierre Kobes, an ISA99 and IEC Technical Committee 65 member. “The updated IoT SMM: ISA/IEC 62443 Mappings for Asset Owners and Product Suppliers helps companies select the adequate security levels commensurate with their expected level of risk. The ISA/IEC 62443 standards are significant for industrial automation and control system security programs, providing proven and accepted engineering practices, increasing the power of using the IoT Security Maturity Model.”
You can download the updated IoT SMM: ISA/IEC 62443 Mappings for Asset Owners, Product Suppliers, and Service Providers from IIC and ISA websites. A complete list of the contributing authors is available in the document.
About the International Society of Automation
The International Society of Automation (ISA) is a non-profit professional association founded in 1945 to create a better world through automation. ISA’s mission is to empower the global automation community through standards and knowledge sharing. ISA develops widely used global standards and conformity assessment programs; certifies professionals; provides education and training; publishes books and technical articles; hosts conferences and exhibits; and provides networking and career development programs for its members and customers around the world.
About Industry IoT Consortium
The Industry IoT Consortium delivers transformative business value to industry, organizations, and society by accelerating the adoption of a trustworthy Internet of Things. The Industry IoT Consortium is a program of the Object Management Group.
Xem Thêm: Hệ thống MES