IEC 62443-4-1:2018 工业自动化和控制系统的安全.第4-1部分:安全产品开发生命周期要求

标准编号：IEC 62443-4-1:2018

中文名称：工业自动化和控制系统的安全.第4-1部分:安全产品开发生命周期要求

英文名称：Security for industrial automation and control systems - Part 4-1: Secure product development lifecycle requirements

发布日期：2018-01-15

标准范围

IEC 62443-4:20 18规定了工业自动化和控制系统中使用的产品安全开发的工艺要求。本规范是解决工业自动化和控制系统(IACS)安全问题的一系列标准的一部分。IEC 62443-4定义了与工业自动化和控制系统环境中使用的产品的网络安全相关的安全开发生命周期（SDL）要求，并就如何满足每个元素的要求提供了指导。生命周期描述包括安全需求定义、安全设计、安全实现（包括编码指南）、验证和确认、缺陷管理、补丁管理和产品生命周期终止。这些要求可以应用于开发、维护和淘汰硬件、软件或固件的新的或现有的过程。请注意，这些要求仅适用于产品的开发者和维护者，不适用于产品的集成商或用户。附件B提供了要求的一览表。

IEC 62443-4:2018 specifies the process requirements for the secure development of products used in industrial automation and control systems. This specification is part of a series of standards that addresses the issue of security for industrial automation and control systems (IACS). IEC 62443-4 defines secure development life-cycle (SDL) requirements related to cyber security for products intended for use in the industrial automation and control systems environment and provides guidance on how to meet the requirements described for each element. The life-cycle description includes security requirements definition, secure design, secure implementation (including coding guidelines), verification and validation, defect management, patch management and product end-of-life. These requirements can be applied to new or existing processes for developing, maintaining and retiring hardware, software or firmware.
Note that these requirements only apply to the developer and maintainer of the product, and are not applicable to the integrator or the user of the product. A summary list of the requirements is provided in Annex B.

标准预览图