Thursday, April 29, 2010

EMBEDDED DEVICE SECURITY ASSESMENT SPECS

ISA Security Compliance Institute Publishes Embedded Device Security Assessment Specifications

The ISA Security Compliance Institute (ISCI) announced that it has posted two of three key elements of the ISASecure™ Embedded Device Security Assessment (EDSA) certification specification on its website. ISASecure certification is intended to be used as a requirement in procurement documents. The ISASecure EDSA certification provides asset owners with security assurances to a defined level for embedded devices that meet the ISASecure EDSA certification requirements.

ISCI developed the ISASecure EDSA certification within the framework of the ISA99 Industrial Automation and Control Systems security standards. ISASecure EDSA comprises three elements: the Functional Security Assessment (FSA), the Software Development Security Assessment (SDSA), and the device Communication Robustness Testing (CRT). Details on each element are available on the ISCI website.

The two elements that ISCI published to its website are the FSA and SDSA certification specifications. They are available for download in PDF format. Upon final approval, all of the ISASecure EDSA certification specifications will be available to the public on the ISCI website.

ISCI Members, seeking to benefit the larger industrial automation controls security community, donated the ISASecure specifications to the ISA99 Standards Committee for consideration in their standards development process. ISCI invites individuals and organizations who desire to provide feedback on the specifications to communicate directly with the ISA99 standards Committee. This will enable their input to be vetted via an open-consensus ANSI Standards process.

The ISASecure program is being established as a globally recognized IEC Guide 65 conformance scheme, with processes and requirements for accrediting organizations to provide certification services on behalf of ISCI and for recognizing tools authorized for use in CRT certification. Service organizations and test tool suppliers are encouraged to visit the website on 1 June 2010, when participation requirements will be posted.

No comments:

Post a Comment