Thursday, July 10, 2014

Security development lifecycle assurance (SDLA) certification!

The ISASecure® SDLA certification for organisations that develop industrial automation and control systems (IACS) is now available. This new organisational certification ensures that suppliers include cybersecurity requirements in all phases of their development and maintenance lifecycle processes for IACS products.

The (SDLA) certification ensures that a supplier’s product development organization has institutionalized cybersecurity into their product development and support lifecycle processes and follows them consistently on an ongoing basis. The objective of this certification is to ensure that cybersecurity is designed into IACS products from the beginning and is followed throughout all product development and support lifecycle phases. SDLA is aligned to certify to ISA/IEC 62443-3-1. The SDLA program description and certification specifications are available for download in pdf format from the ISCI (ISA Security Compliance Institute) website.

Supplier organisations are encouraged to contact an ISASecure-accredited lab for details on how to certify their organisations’ product development and support lifecycle processes. Supplier organizations earning this designation may use the phrase, An ISASecure SDLA certified development organization,” when describing their certified organizations.

ISCI has been certifying embedded devices under the Embedded Device Security Assurance certification (ISASecure EDSA) scheme since 2010. EDSA, the first ISASecure certification, assures cybersecurity for off-the-shelf embedded devices and lists certified devices from prominent suppliers such as Honeywell and Yokogawa.

The ISASecure™ program has been developed by the ISA Security Compliance Institute (ISCI) with a goal to accelerate industry-wide cybersecurity improvement for IACS. ISASecure certifications are based upon international cybersecurity standards including the ISA/IEC 62443 series, ISO 27001and other relevant industry-consensus standards.

The ISASecure IACS cybersecurity certification program is an ISO/IEC Guide 65 conformance scheme supporting ISCI’s goal to operate a globally recognized IACS cybersecurity certification program. Independent third-party accreditation of ISCI labs by IEC accreditation bodies (AB) such ANSI/ACLASS and JAB ensures the credibility and value of the ISASecure certification by objectively attesting to the competence and qualification of ISCI certification bodies (CB) and laboratories.

No comments:

Post a Comment