Saturday 13 November 2010

Secure certification

exida is first certification lab to achieve ANSI/ACLASS accreditation for ISASecure EDSA Certification program

The ISA Security Compliance Institute (ISCI) announced that exida has earned provisional accreditation for providing ISASecure EDSA Certification services under ISCI’s globally recognised cybersecurity conformance scheme.
About ISASecure EDSA Certification

The ISASecure program has been developed by the ISA Security Compliance Institute (ISCI) with a goal to accelerate industry-wide improvement of cybersecurity for Industrial Automation and Control Systems (IACS). It achieves this goal by offering a common industry-recognized set of device and process requirements that drive device security, simplifying procurement for asset owners and device assurance for equipment vendors.

ISASecure Embedded Device Security Assurance Certification (ISASecure EDSA), the first ISASecure certification, focuses on security of embedded devices and addresses device characteristics and supplier development practices for those devices. Through this certification, an embedded device that meets the requirements of the ISASecure specifications receives the ISASecure EDSA certification—a trademarked designation that provides instant recognition of product security characteristics and capabilities. ISASecure EDSA offers three certification levels for a device based on increasing levels of device security assurance: ISASecure Level 1 for Devices, ISASecure Level 2 for Devices, and ISASecure Level 3 for Devices.

The ISASecure EDSA certification is an ISO/IEC Guide 65 conformance scheme supporting ISCI’s goal to operate a globally recognized industrial automation controls cybersecurity certification program. This third-party accreditation by ANSI/ACLASS enhances the credibility and value of the ISASecure certification by attesting to the competence and qualification of ISCI certification bodies and laboratories.

During the month of October, ANSI/ACLASS assessors evaluated exida’s operational conformance to requirements in ISO/IEC Guide 65 (EN45011), ISO/IEC 17011 and ISO/IEC 17025 guidelines, and the ISASecure EDSA Certification program definition. Having satisfactorily demonstrated conformance to all elements in these rigorous requirements for quality and technical competency, exida is the first certification lab to achieve this designation in the ISASecure EDSA Certification program.

”exida is a highly respected organization staffed with some of the industry’s most talented engineers in the fields of safety and security,” stated Andre Ristaino, ISCI managing director. "With operating sites located strategically around the globe, exida establishes the operational foundation for ISCI’s internationally recognized cybersecurity certification program.”
Suppliers seeking to certify embedded devices are directed to contact exida, who will conduct certifications on behalf of ISCI. exida is uniquely qualified to provide both the device testing and organizational assessments required in the ISASecure EDSA Certification. The certification consists of three elements: a device Functional Security Assessment (FSA), a device Communication Robustness Test (CRT), and an organizational Software Development Security Assessment (SDSA).

Dr. William Goble, managing director of exida, stated, “The ISCI cybersecurity certification program fits well with our functional safety certification program. Recent events have shown that a strong control system cybersecurity defense is an essential part of control system safety and availability. That defense starts with industrial control devices such as PLC, DCS, SIS, and SCADA controllers that are resilient to rogue communications and unauthorized access and developed with a security mindset.”

About the ISA Security Compliance Institute
Founded in 2007, the ISA Security Compliance Institute’s mission is to provide the highest level of assurance possible for the cyber security of industrial automation control systems.

The Institute was established by thought leaders from major organizations in the industrial automation controls community seeking to improve the cyber security posture of Critical Infrastructure for generations to come. Founding Members include Chevron, ExxonMobil Research and Engineering, Honeywell, Invensys, Siemens, and Yokogawa. Key Technical Members include Exida, Mu Dynamics, and Rockwell Automation.

The Institute’s goals are realized through industry standards compliance programs, education, technical support, and improvements in suppliers’ development processes and users’ life cycle management practices. The Institute’s ISASecure™ designation ensures that industrial automation control products conform to industry consensus cyber security standards, providing confidence to users of ISASecure™ products and systems and creating product differentiation for suppliers conforming to the ISASecure™ specification.

No comments:

Post a Comment