CAN/CSA-IEC 62443-2-1:17
This part of IEC 62443 defines the elements necessary to establish a cyber security
management system (CSMS) for industrial automation and control systems (IACS) and
provides guidance on how to develop those elements. This standard uses the broad definition
and scope of what constitutes an IACS described in IEC/TS 62443-1-1.
The elements of a CSMS described in this standard are mostly policy, procedure, practice and
personnel related, describing what shall or should be included in the final CSMS for the
organization.
NOTE 1 Other documents in the IEC 62443 series and in the Bibliography discuss specific technologies and/or
solutions for cyber security in more detail.
The guidance provided on how to develop a CSMS is an example. It represents the author’s
opinion on how an organization could go about developing the elements and may not work in
all situations. The users of this standard will have to read the requirements carefully and
apply the guidance appropriately in order to develop a fully functioning CSMS for an
organization. The policies and procedures discussed in this standard should be tailored to fit
within the organization.
NOTE 2 There may be cases where a pre-existing CSMS is in place and the IACS portion is being added or there
may be some organizations that have never formally created a CSMS at all. The authors of this standard cannot
anticipate all cases where an organization will be establishing a CSMS for the IACS environment, so this standard
does not attempt to create a solution for all cases.
SDO: CSA
Language: English
ICS Codes: 25.040.40; 33.040
Status: Standard
Publish date: 2017-09-30
Standard Number: CAN/CSA-IEC 62443-2-1:17