Assessment of IEC 62443 requirements for AAS structure

Table Table 1 ,Table 2, Table 3, Table 4, Table 5, Table 6 and Table 7 provide an assessment regarding the relevance of the foundation requirements defined by the IEC 62443 series towards the structure and interface of the AAS as defined in IEC 63278-1,-2,-5. Since AAS shares aspects of a system and a component both IEC 62443-3-3 and IEC 62443-4-2 have been considered.

According to the analysis not all foundational requirements given in IEC 62443 are applicable on the level of IEC 63278-1,-2,-5. “Y” means the requirement applies and is addressed within this document, “N” means the requirement does not apply. “P” means that the requirement is partially addressed by this document, details are either defined by other applicable standards or left to the implementation.

The full set of IEC 62443 requirements needs to be reconsidered for additional system components (e.g., AAS user application, infrastructure) and for subsequent realization steps (detailed design, implementation, system integration, operation).

Table 1. Assessment of IEC 62443 FR1 Authentication Control requirements for AAS
FR Title IEC 62443-3-3 SR IEC 62443-4-2 CR Applicable to IDTA 01001 [1], IDTA 01002 [2], IDTA 01003-a [3] IDTA 01004 clause or comment

1.1

Human user, process and device identification and authentication

Y

Identification and authentication of AAS user application users

1.2

Software process and device identification and authentication

Y

Identification and authentication of AAS user applications and AAS interface

1.3

Account management

Y

Account management

1.4

Identifier management

Y

Identifier management

1.5

Authenticator management

P

AAS authorization solely relies on short-term authentication tokens (Attributes). Measures for management and protection of access tokens are left to the implementation.

1.6

Wireless access management

N

IDTA 01001 [1], IDTA 01002 [2], IDTA 01003-a [3] do not make any assumption on network physical infrastructure. This is left to the implementation.

1.7

Strength of password-based authentication

N

AAS interface does not define password-based authentication.

1.8

Public key infrastructure certificates

P

Public key infrastructure

It is possible to use public key certificates to meet authentication requirements for AAS regarding, e.g., acquisition of an access tokens (Attributes), for TLS channel protection (Identification and authentication of AAS user application users, Identification and authentication of AAS user applications and AAS interface, Information integrity, Information confidentiality).

1.9

Strength of public key authentication

P

Use of cryptography

1.10

Authenticator feedback

Y

Authenticator feedback

1.11

Unsuccessful login attempts

N

AAS interface does not provide lock-out for users. This is left to the authentication service used to acquire the access token or the AAS user application.

1.12

System use notification

N

This is left to the AAS user application.

1.13

Access via untrusted networks

N

IDTA 01001 [1], IDTA 01002 [2], IDTA 01003-a [3] do not make any assumption on network physical infrastructure. This is left to the implementation.

1.14

Strength of symmetric key authentication

P

Use of cryptography

Table 2. Assessment of IEC 62443 FR2 Use Control requirements for AAS
FR Title IEC 62443-3-3 SR IEC 62443-4-2 CR Applicable to IDTA 01001 [1], IDTA 01002 [2], IDTA 01003-a [3] IDTA 01004 clause or comment

2.1

Authorization enforcement

Y

Authorization enforcement, Access Rule Model

2.2

Wireless use control

N

IDTA 01001 [1], IDTA 01002 [2], IDTA 01003-a [3] are hardware agnostic

2.3

Use control for portable and mobile devices

N

IDTA 01001 [1], IDTA 01002 [2], IDTA 01003-a [3] do not consider deployment aspects

2.4

Mobile code

N

IDTA 01001 [1], IDTA 01002 [2], IDTA 01003-a [3] do not consider deployment aspects

2.5

Session lock

N

AAS does not define (direct) human access to the AAS interface. This is left to the AAS user application.

2.6

Remote session termination

Y

Limited life-time of access tokens. Attributes

2.7

Concurrent session control

N

AAS does not impose any limits on the amount and concurrency of requests from the AAS user application. This is left to the implementation.

2.8

Auditable events

Y

Auditable events

2.9

Audit storage capacity

N

AAS does not define audit storage.

2.10

Response to audit processing failures

N

AAS does not define audit storage.

2.11

Timestamps

Y

Timestamps

2.12

Non-repudiation

Y

Non-repudiation, Accountability for AAS Content and Digital Signatures

2.13

Use of physical diagnostic and test interfaces

N

AAS is hardware agnostic.

Table 3. Assessment of IEC 62443 FR3 System Integrity requirements for AAS
FR Title IEC 62443-3-3 SR IEC 62443-4-2 CR Applicable to IDTA 01001 [1], IDTA 01002 [2], IDTA 01003-a [3] IDTA 01004 clause or comment

3.1

Communication integrity

Y

Information integrity

3.2

Malicious code protection

N

IDTA 01001 [1], IDTA 01002 [2], IDTA 01003-a [3] do not consider deployment and implementation specific security aspects.

3.3

Security functionality verification

N

IDTA 01001 [1], IDTA 01002 [2], IDTA 01003-a [3] do not consider deployment and implementation specific security aspects.

3.4

Software and information integrity

Y

Information integrity

3.5

Input validation

Y

Input validation

3.6

Deterministic output

N

AAS degradation behaviour is use case and implementation specific.

3.7

Error handling

Y

Error handling

3.8

Session integrity

Y

Session integrity

3.9

Protection of audit information

N

AAS does not define audit storage.

3.10

Support for updates

N

IDTA 01001 [1], IDTA 01002 [2], IDTA 01003-a [3] do not consider operations aspects.

3.11

Physical tamper resistance and detection

P

Potential measures to protect integrity of data represented by the AAS include technologies for physical tamper resistance and detection.

IDTA 01001 [1], IDTA 01002 [2], IDTA 01003-a [3] do not define hardware aspects including physical tamper resistance and detection. This is left to the implementation and operation based on the assessment of the associated risks.

Information integrity

3.12

Provisioning product supplier roots of trust

P

Entity (product) in question is the asset managed by the AAS.

Asset roots of trust managment

3.13

Provisioning asset owner roots of trust

Y

Entity (asset) in question is the AAS.

AAS roots of trust management

3.14

Integrity of the boot process

N

IDTA 01001 [1], IDTA 01002 [2], IDTA 01003-a [3] do not define operation platform specific aspects including integrity of the boot process. This is left to the implementation and operation.

Table 4. Assessment of IEC 62443 FR4 Data confidentiality requirements for AAS
FR Title IEC 62443-3-3 SR IEC 62443-4-2 CR Applicable to IDTA 01001 [1], IDTA 01002 [2], IDTA 01003-a [3] IDTA 01004 clause or comment

4.1

Information confidentiality

Y

Information confidentiality

4.2

Information persistence

N

IDTA 01001 [1], IDTA 01002 [2], IDTA 01003-a [3] do not consider information persistence aspects. This is left to the operation and maintenance.

4.3

Use of cryptography

Y

Use of cryptography

Table 5. Assessment of IEC 62443 FR5 Restricted data flow requirements for AAS
FR Title IEC 62443-3-3 SR IEC 62443-4-2 CR Applicable to IDTA 01001 [1], IDTA 01002 [2], IDTA 01003-a [3] IDTA 01004 clause or comment

5.1

Network segmentation

N

IDTA 01001 [1], IDTA 01002 [2], IDTA 01003-a [3] do not consider deployment aspects.

5.2

Zone boundary protection

N

IDTA 01001 [1], IDTA 01002 [2], IDTA 01003-a [3] do not define network deployment and topology aspects.

5.3

General purpose person-to-person communication restrictions

N

IDTA 01001 [1], IDTA 01002 [2], IDTA 01003-a [3] do not consider person-to-person communication.

5.4

Application partitioning

Y

Application partitioning

Table 6. Assessment of IEC 62443 FR6 Timely response to events requirements for AAS
FR Title IEC 62443-3-3 SR IEC 62443-4-2 CR Applicable to IDTA 01001 [1], IDTA 01002 [2], IDTA 01003-a [3] IDTA 01004 clause or comment

6.1

Audit log accessibility

P

Audit log accessibility

6.2

Continuous monitoring

Y

Continuous monitoring

Table 7. Assessment of IEC 62443 FR7 Resource Availability requirements for AAS
FR Title IEC 62443-3-3 SR IEC 62443-4-2 CR Applicable to IDTA 01001 [1], IDTA 01002 [2], IDTA 01003-a [3] IDTA 01004 clause or comment

7.1

Denial of service protection

Y

Denial-of-service protection

7.2

Resource management

N

IDTA 01001 [1], IDTA 01002 [2], IDTA 01003-a [3] do not define resource deployment aspects.

7.3

Control system backup

N

IDTA 01001 [1], IDTA 01002 [2], IDTA 01003-a [3] do not define resource deployment and operations aspects.

7.4

Control system recovery and reconstitution

Y

AAS recovery and reconstitution

7.5

Emergency power

N

IDTA 01001 [1], IDTA 01002 [2], IDTA 01003-a [3] do not define network deployment aspects.

7.6

Network and security configuration settings

N

IDTA 01001 [1], IDTA 01002 [2], IDTA 01003-a [3] do not define network deployment aspects.

7.7

Least functionality

Y

Least functionality

7.8

Control system component inventory

N

IDTA 01001 [1], IDTA 01002 [2], IDTA 01003-a [3] do not define deployment aspects.