- September 02, 2015
New version of EDSA and SSA certification requirements to become effective 1 February 2016.
September 2, 2015) – The ISA Security Compliance Institute, which manages the ISASecure cybersecurity certification scheme for industrial automation and control systems (IACS), announced updates to certification requirements for the Embedded Device Security Assurance (EDSA) certification and System Security Assurance (SSA) certification.
ISASecure certifies to the international IEC 62443 series of IACS cybersecurity standards. Products are evaluated for conformance by independent labs accredited by JAB, ANSI/ANAB and, DaKKS. Lab accreditation requirements include ISO 17065, ISO 17025 and scheme-specific ISASecure requirements.
The new EDSA and SSA certification requirements were posted on the website in June 2015 and are generally referred to as Version 2. The new requirements are effective for any products submitted on or after 1 February 2016.
The EDSA and SSA requirements specifications on the website include documents that provide details and guidance on the transition to Version 2 (ISASecure-112 Transition Guidance to EDSA 2.0.0 and SSA 2.0.0) and related policies (ISASecure-113 Transition Policy to EDSA 2.0.0 and SSA 2.0.0) respectively.
Updates include expanded requirements for vulnerability identification test (VIT) scans of products submitted for certification. In addition, the certification specification requirements documents have been simplified for use by certification labs and suppliers. A key change includes references to a security development lifecycle assurance (SDLA) requirements document, which is used in both the EDSA v2 and SSA v2 certifications.
Additional important changes to requirements are included in the transition and policy documents referenced above: ISASecure-112 Transition Guidance to EDSA 2.0.0 and SSA 2.0.0 and ISASecure-113 Transition Policy to EDSA 2.0.0 and SSA 2.0.0.
Changes impact ISASecure communication robustness tool (CRT) providers and technical readiness for ISASecure certification bodies (CB).
About the ISA Security Compliance Institute (ISCI) Founded in 2007, the ISA Security Compliance Institute’s mission is to provide the highest level of assurance possible for the cyber security of industrial automation control systems (IACS). The Institute was established by thought leaders from major organizations in the industrial automation controls community seeking to improve the cyber security posture of Critical Infrastructure for generations to come. ISCI Members include Chevron, ExxonMobil, Aramco Services, Honeywell, Invensys (now Schneider Electric), Yokogawa, exida, Codenomicon, CSSC, and IPA-Japan.Learn More
Did you enjoy this great article?
Check out our free e-newsletters to read more great articles..Subscribe