For each of the 7 Foundational Requirements, the standard propounds advice and recommendations to technical implementations that are applied in the OT-infrastructure in achieving the respective Security Levels. This is primarily addressed in 62443-3-3.
These technical suggestions are not specific to a particular product, technology, or supplier, but more generic concepts that are applied to heighten security levels in the OT-infrastructure.
Where are these standards obvious to use?
The different documents and standards will provide recommendations for utility- or production companies in working towards securing their OT-infrastructure:
- Organization of security (62443-1-1, 2-1, 2-2 & 2-4)
- Management of vulnerabilities and patching in OT-infrastructure (62443-2-3)
- Methods for completion of risk-assessments of OT-infrastructure (62443-3-2)
- Implementation of technical precautions in OT-infrastructure (62443-3-1 & 3-3)
- Requirements for certification of products with regards to security functions (62443-4-1 og 4-2)