Industrial Automation and Control System Security - ISA/IEC 62443

Protecting Industrial Automation and Control Systems against cyberattacks has become more important than ever before. Learn more about the ISA/IEC 62443 standards.
get a free consult

Companies who chose us

About the ISA/IEC 62443 standards

ISA/IEC 62443 series of standards were created to provide an easy-to-use,
achievable model to handle risks and mitigate cybersecurity threats.

IEC 62443 is the standard for protecting Industrial Automation and Control Systems and the most effective Cybersecurity solution for Industry 4.0.

With increased connectivity of production assets (IIoT), new hazards emerge that must be included in traditional risk management processes.

An industrial automation control system component manufacturer (supplier) shall include the consideration of security requirements under IEC 62443 4-1 in its product development processes.

The IEC 62443 standard Part 4-1 defines a secure development lifecycle to create and maintain secure products used in industrial automation and control systems (IACS). The IEC 62443-4-1 certificate confirms that the developer has implemented a secure-by-design methodology from the first day of product development processes, which includes a complete security lifecycle and patch management.




ISA/IEC 62443-4-1



ISA/IEC 62443-4-2
Embedded devices
Network components
Host devices

ISA/IEC 62443 series of standards were created to provide an easy-to-use, achievable model to handle risks and mitigate cybersecurity threats.

To make sure that the security requirements relevant to customers are met, these industrial components shall be certified under IEC 62443-4-2. If component suppliers follow the set of guidelines that are defined in the IEC 62443-4-2 subsection, they will equip their customers with the best chance of protecting their networks against cyberattacks.

Although the component suppliers must add certain features and capabilities to their devices for the devices to be suitable for deployment on Industrial IoT networks, conforming to the requirements outlined within IEC 62443-4-2 guarantees secure and resilient components, which are to be procured by 62443 certified and secured IACS organizations.

Security level






























Key distinctions between IEC 62443-4-1 and IEC 62443-4-2

  • IEC 62443-4-1 utilizes four maturity levels, whereas IEC 62443-4-2 is structured around four security levels.

  • Attaining IEC 62443-4-1 certification is a prerequisite for obtaining certification in IEC 62443-4-2.

  • IEC 62443-4-1 concentrates on secure product development and the product lifecycle, while IEC 62443-4-2 emphasizes technical security requirements for IACS components, specifically embedded devices, network components, host components, and software applications.

  • IEC 62443-4-1 encompasses 47 requirements distributed across 8 practices, whereas IEC 62443-4-2 addresses 140 requirements outlined in the standard.

The IEC 62443 standard describes 4 levels of security functionality
for component security (62443-4-2)


Protection against causal or coincidental violation


Protection against intentional violation using simple means with low resources, generic skills and low motivation


Protection against intentional violation using sophisticated means with moderate resources, IACS specific skills and moderate motivation


Protection against intentional violation using sophisticated means with extended resources, IACS specific skills and high motivation

What documents are required during the evaluation?

At the commencement of the process, the client needs to specify the desired level of maturity (4-1) or security level (4-2) for the product evaluation. Various documents are also necessary, with some to be provided by the client, others by the laboratory, and only one by the Certification Body (CB). Following this, the client is required to draft a Conformity Statement, detailing how the requirements are met.

After the evaluation, the lab completes theTest Report Form (TRF) using information from the customer. The TRF serves as the outcome of the evaluation and is submitted to the CB. The CB assumes responsibility for issuing the certificate.

Get IEC 62443 certification under the CB Scheme

CCLab is ready to provide the following services to in order to conform and comply with the desired standards and security levels.

  • Gap analysis

  • Consultation and support the preparations for certification

  • Online and on-site workshops

  • Documentation review

  • Secure product development lifecycle requirements audit & certification (62443-4-1)

  • Technical security requirements for IACS component evaluation & certification (62443-4-2)

Together with other members of QTICS Group, we provide a wider range of compliance services within the Energy & Industry sector.

You don’t have enough information about Industrial Control System Security?

check our faq

Do you need support for your Industrial Control System Security project?



Kenneth Lasoski

Kenneth Lasoski

Versa Networks

Evaluation team was extremely reasonable and flexible with resolution to findings and was helpful in finding agreeable solutions for CB comments. Consultation team was always responsive and helped shape the documentation for easier evaluation, and provided useful recommendations on satisfying SFR/SARs.

Thierry Bonda

Thierry Bonda


CCLab was well prepared, flexible during the whole evaluation process, and supported us with continuous communication and guidance. Many lessons were learnt during the project and CCLab has always been looking for solutions, supporting our developers the best way they could. The new Swiss evaluation methodology was a good and professional basis to work with, but both parties had to learn how to deal with it.

Jake Nelson

Jake Nelson

Corsec Security Inc.

The relationship between Corsec and CCLab has been instrumental in helping product vendors successfully complete the Common Criteria certification process. As a Common Criteria consultant to the product vendor, Corsec relies on CCLab’s responsiveness and expertise to quickly and thoroughly complete the testing component of the process. CCLab has been essential in managing multiple projects, their professionalism has helped ensure product vendor satisfaction and ultimate project success.

Alexander Testov

Alexander Testov

AO Kaspersky Lab.

"I would definitely recommend CCLab to anyone in need of Common Criteria certification. Our cooperation was comfortable, well organized and efficient. I am totally satisfied with the result."

Dayton Marcucci

Dayton Marcucci

HID Global

The CCLab team gave us full support to adapt to the changes during product development. Whatever the challenges faced they could keep the due dates and we were able to complete the process quickly and efficiently. The real agile lab helped our success. We are going to work with them again. I highly recommend them to anyone wanting to get its product certified.

Jaime Chica

Jaime Chica

NXP Semiconductors

It was a well-managed project which achieved success in an effortless manner.

Kalev Pihl

Kalev Pihl

SK ID Solutions

We needed a lab that works quickly but with high work morale and quality of work. CCLab is exactly like that! It was good cooperation experience to work with them. The project was rather complex and our expectations maybe even too high, but the team was committed to the common goals and could keep the milestones; therefore we were able to deliver what was needed. I highly recommend CCLab team to anyone for their great team spirit, quality orientations, agility and reasonable pricing.

Israr Ahmed

Israr Ahmed

Ascertia Ltd.

On behalf of Ascertia, accept my appreciation for the excellent job done by CCLab team over the past several months in achieving the Common Criteria Certificate for ADSS Server SAM solution. It was an enormous undertaking but went smoothly and efficiently! Thanks to your leadership and dedication combined with your staff's teamwork and energy, we achieved our target. You and your employees should take great pride in this accomplishment. We look forward to extend our work with you for our next certification milestone and hope will continue to get such excellent service.

Zsolt Rózsahegyi

Zsolt Rózsahegyi

I4P Informatics Ltd.

Thanks to the agile processes we've been able to add new features to the product during the evaluation that made it even more valuable to customers. CCLAB efficiently supported us throughout the whole change management process. The predictability, accurate scheduling, and supportive mindset helped us to finish the project in time.