The Ultimate Guide to Protecting OT Systems with IEC 62443

What is IEC 62443?

Focus on Basics: The IEC 62443 Checklist

Taking advantage of IEC 62443’s broad applicability and inclusiveness

Examining IEC 62443 Zones, Conduits and Security Levels

While there are similarities to ISA 95 layers, the overlap is mostly just an homage to IEC 62443’s predecessor. What matters is that IEC 62443 standards demonstrate solid guidance asset owners can use as a basis for building a comprehensive OT/IACS program, and to standardize their security taxonomy, design elements, and requirements.

The IEC 62443 aligned Cybersecurity Management System (CSMS)

Figure 2: Example ISA62443 CSMS requirements matrix subsection

Guiding risk assessment with IEC 62443

Figure 3: Image based on workflow diagrams in IEC 62443–3–2 Security for IACS

Using IEC 62443 to secure product development lifecycles

Figure 4: FRs vs. Res — The 7 areas broken down and can have different sub-requirements called Requirement Enhancements (Res).
Figure 5: Example requirements for FR1 courtesy of ISAsecure
Figure 6: Phases courtesy of ISAsecure
Figure 7: Most developments organizational process for creating products

Leveraging IEC 62443 in product selection and procurement

Figure 8: Example subset of the IEC 62443 requirements

Blending IEC 62443 with other frameworks and standards

Figure 9: Comparing standards and guidance to IEC 62443.

Acknowledging IEC 62443’s cyber-physical limitations

Getting started with IEC 62443

Figure 10: examples of where the IEC 62443 could be of help to an asset owner

IEC 62443-specific certifications and source material

How Verve aligns to IEC 62443

Verve Security Services: Turnkey compliance and security for industrial environments



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Verve Industrial Protection

Verve Industrial Protection

Verve's mission is to protect the world's critical infrastructure. Learn more at