
IC47 will fulfill some aspects of accreditation requirements for certification bodies around personnel qualifications.
Who Should Attend IC47?
- IACS product suppliers
- Process development engineers and internal auditors
- System and component product architects
- Product development engineers (hardware, software)
- IACS Conformance/Certification Assessors
- Independent or employed by a certification and assessment body
- IT cybersecurity auditors transitioning to IACS cybersecurity certifications and assessments
- IACS engineers transitioning to IACS cybersecurity certifications and assessments
View Offerings by Format
Classroom (IC47) | Length: 3 days
Virtual Classroom (IC47V) | Length: 3 days
Visit our course formats page for a detailed description of each format.
Learning Objectives
Day One
- Recognize the basic principles of control systems
- Identify different types of control systems
- Identify the architectural requirements of control systems
- Recognize why ISA/IEC 62443 standards are important
- Determine which ISA/IEC 62443 standards are relevant to product development
- Identify the principal roles and audience for the ISA/IEC 62443 standards
- Identify the key ideas in the ISA/IEC 62443 series of standards
- Define the basics of risk assessment, security zone partitioning, and security level selection
- Apply the basics of risk assessment, security zone partitioning, and security level selection
- Define the requirements for an ISASecure CSA, SSA, or SDLA certification
Day Two
- Identify the requirements for a product security development lifecycle and the patch management process
- Define the threat modeling process that product suppliers use for product risk assessment
- Apply the requirements for the threat modeling process
- Identify the criteria for being an ISASecure assessor
- Define the criteria for SDLA certification
- Identify the assessment details for an SDLA assessment
- Identify the artifacts generated by following the 62443-4-1 development processes
- Describe the contents of an SDLA assessment report and certificate
- Identify the steps to assessing a product security development lifecycle
Day Three
- Identify requirement constraints that are common across all IACS systems and components
- Identify the identification and authentication control (IAC) and use control (UC) security requirements for IACS systems and components
- Identify the system integrity (SI) and resource availability (RA) security requirements for IACS systems and components
- Identify the data confidentiality (DC), restricted data flow (RDF) and timely response to events (TRE) security requirements for IACS systems and components
- Identify the association between security requirements and security levels
- Identify the ISASecure SSA and CSA certification requirements
- Identify the detailed assessment activities for an ISASecure SSA or CSA assessment
- Describe the contents of ISASecure SSA and CSA assessment reports
- Apply the steps to assessing a product
Topics Covered
- IACS fundamentals
- Relevant ISA/IEC 62443 standards and technical reports
- Part 2-3 Patch management in the IACS environment
- Part 3-2 Security risk assessment for system design
- Part 3-3 IACS system security requirements and security levels
- Part 4-1 IACS product security development lifecycle requirements
- Part 4-2 Technical security requirements for IACS components
- ISASecure certification programs
- Security Lifecycle Development Assurance (SDLA)
- System Security Assurance (SSA)
- Component Security Assurance (CSA)
Exercises
- Security development lifecycle assessment exercise
- Control system product assessment exercise