IEC規格 CSA IEC/TR 62443-2-3, 2017(R2022): Security for industrial automation and control systems - Part 2-3: Patch management in the IACS environment

IEC規格 CSA IEC/TR 62443-2-3, 2017(R2022)

産業規格・仕様書  >  IEC  > 

産業規格・仕様書  >  CSA  > 




IEC規格 CSA IEC/TR 62443-2-3, 2017(R2022)

89,870(税込)

数量

書名

CSA IEC TR 62443-2-3, 2017(R2022): Security for industrial automation and control systems -
Part 2-3: Patch management in the IACS environment

IEC規格 CSA IEC/TR 62443-2-3, 2017(R2022): 産業オートメーションおよび制御システムのセキュリティ -
パート2-3: IACS環境におけるパッチ管理
発行元 International Electrotechnical Commission (IEC)
発行年/月 2017年9月   
装丁 ペーパー
ページ数 74 ページ
発送予定 海外倉庫よりお取り寄せ 1-2週間以内に発送します
※セキュアPDF版 (シングルユーザー)をご希望のお客様は別途お問合せ下さいませ。
※当ウェブ・ショップに掲載のない規格につきましては、別途お問合せ下さいませ。
※掲載の規格は、当ウェブ・ショップに掲載時点で確認できた最新版でございます。 最新の発行状況につきましては受注時に改めて確認をさせて頂きますので予めご了承下さい。


 

Description

This part of IEC 62443, which is a Technical Report, describes requirements for asset owners and industrial automation and control system (IACS) product suppliers that have established and are now maintaining an IACS patch management program.

This Technical Report recommends a defined format for the distribution of information about security patches from asset owners to IACS product suppliers, a definition of some of the activities associated with the development of the patch information by IACS product suppliers and deployment and installation of the patches by asset owners. The exchange format and activities are defined for use in security related patches; however, it may also be applicable for non-security related patches or updates.

The Technical Report does not differentiate between patches made available for the operating systems (OSs), applications or devices. It does not differentiate between the product suppliers that supply the infrastructure components or the IACS applications; it provides guidance for all patches applicable to the IACS. Additionally, the type of patch can be for the resolution of bugs, reliability issues, operability issues or security vulnerabilities.

NOTE 1 This Technical Report does not provide guidance on the ethics and approaches for the discovery and disclosure of security vulnerabilities affecting IACS. This is a general issue outside the scope of this report.

NOTE 2 This Technical Report does not provide guidance on the mitigation of vulnerabilities in the period between when the vulnerability is discovered and the date that the patch resolving the vulnerability is created. For guidance on multiple countermeasures to mitigate security risks as part of an IACS security management system (IACS-SMS), refer to, Annexes B.4.5, B.4.6 and B.8.5 in this Technical Report and other documents in the IEC 62443 series.