Industry IoT Consortium updates IoT security maturity model
The Industry IoT Consortium (IIC) and the International Society of Automation updated the IoT security maturity model (SMM): ISA/IEC 62443 mappings for asset owners, product suppliers and service suppliers. The update takes into account changes to the 62443-2-1 standard for industrial automation and control systems (IACS) security programmes.
ISA/IEC 62443-2-1 removes material on the information security management programme (ISMS), allowing stakeholders to rely on ISO/IEC 27001 for the information security programme and ISO/IEC 27002 for related controls. ISA/IEC 62443-2-1 retains OT-specific requirements for security programmes.
Correspondingly, the SMM mappings add a new section that maps SMM practices to Edition 2 of ISA/IEC 62443-2-1 and to relevant ISO/IEC 27001 and 27002 requirements. The SMM: ISA/IEC 62443 mappings for asset owners, product suppliers, and service suppliers retains the Edition 1 mappings and includes other corrections and clarifications.
“Together with IoT SMM industry profiles, the mappings are a powerful tool to allow organisations to identify what they need to accomplish within their industries and when deploying certain types of solutions, such as digital twins,” says Ron Zahavi, CEO, Auron Technologies, and one of the SMM authors.
“This new guidance extends the previously published IoT security maturity model (SMM): ISA/IEC 62443 Mappings for asset owners, product suppliers, and service suppliers by incorporating updates to the 62443-2-1 standard, thus giving practical guidance to practitioners who wish to improve their security maturity,” says Frederick Hirsch, co-chair of the joint IIC-ISA SMM group and co-author of the paper. “The updated IoT SMM document extends the guidance of the IoT security maturity model and its profiles so that once maturity level targets and assessments are understood, organisations may use the current ISA/IEC 62443 guidance to help achieve maturity targets.”
“It’s not about adding more security but about implementing the appropriate security measures,” says Pierre Kobes, an ISA99 and IEC Technical Committee 65 member. “The updated IoT SMM: ISA/IEC 62443 mappings for asset owners and product suppliers helps companies select the adequate security levels commensurate with their expected level of risk. The ISA/IEC 62443 standards are significant for industrial automation and control system security programmes, providing proven and accepted engineering practices, increasing the power of using the IoT security maturity model.”
To download the updated IoT SMM: ISA/IEC 62443 mappings for asset owners, product suppliers, and service providers, visit IIC and ISA. A complete list of the contributing authors is available in the document.