Contact person
Ted Strandberg
Projektledare
Contact Ted
ISA/IEC 62443-4 for industrial Automation and Control Systems, IACS
RISE performs accredited testing and evaluation of cybersecurity for IACS components. Cybersecurity testing is conducted according to the product parts of the IACS based on 62443-4 standards, SS-EN IEC 62443-4-1 and SS-EN IEC 62443-4-2.
What Standard 62443‑4‑X covers
The standard consists of two core parts that together address both the development process and the technical security requirements for industrial components.
Part 1: Swedish Standard SS‑EN IEC 62443‑4‑1
Security for industrial automation systems – Part 4‑1: Secure product development lifecycle requirements
This part defines the requirements for designing, implementing, verifying, maintaining, and supporting a product throughout its entire lifecycle. It covers areas such as security management, requirements specification, secure design and implementation, verification and validation, vulnerability and update management, and security guidelines.
Part 2: Swedish Standard SS‑EN IEC 62443‑4‑2
Security for industrial automation systems – Part 4‑2: Technical security requirements for IACS components
This part defines technical security requirements for four categories of components:
- Software applications
- Embedded devices
- Host devices
- Network devices
Key requirement areas include identification and authentication, access control, system integration, data confidentiality, data flow control, event handling, and resource availability.
Why evaluation according to 62443‑4‑X matters
Manufacturers of industrial components want to demonstrate that their products meet international cybersecurity requirements, that their development processes follow best practices according to 4‑1, and that their components fulfil the technical security requirements in 4‑2. An evaluation according to 62443‑4‑X also shows that products can be integrated into secure IACS environments. For customers—especially within critical infrastructure—this reduces both risk and uncertainty during procurement.
How RISE conducts the evaluation
RISE performs evaluations according to ISA/IEC 62443‑4‑X by focusing on the practical cybersecurity requirements for industrial components and how parts 4‑1 (secure development) and 4‑2 (technical product requirements) work together. This provides a clear foundation for understanding which requirements apply and how they are implemented throughout the product lifecycle. For those who want to deepen their knowledge, RISE also offers a course that covers the 62443‑4 series in practice.
How the evaluation benefits you as a customer
- Clear cybersecurity level — you receive an independent assessment of component security against internationally recognized requirements.
- Stronger supplier trust — suppliers can demonstrate that their products and processes are reliable.
- Security by design — the evaluation aligns with industry expectations for products that are secure from the outset.
- Meets regulatory expectations — procurers and authorities receive the documentation they need to make informed decisions.
Method
Evaluation will be carried out in accordance with ISO/IEC 17025 and the accredited standards in our laboratories in Borås.
Delivery
The result of our evaluation is compiled in an accredited report.
