IEC 62443: The risk management standard for industrial automation and control systems
Proekspert helps device manufacturers prepare for the EU Cyber Resilience Act (CRA). One big part of the CRA is the introduction of cybersecurity rules for manufacturers and developers of products with digital elements, covering both hardware and software.
Many companies conduct cybersecurity audits to get a better overview of their current situation. Proekspert offers a self-assessment service to industrial device manufacturing companies as they prepare for IEC 62443 certification.
Why Proekspert
Proekspert has 20+ years of experience in developing industrial embedded platforms and service tools. While serving our clients, we follow IEC 62443 standards during analysis and development. Our engineers are skilled in conducting analysis of development processes and products to identify possible vulnerabilities and cybersecurity risks.
We help industrial device manufacturing companies with the self-assessment or third-party assessment needed when preparing for IEC 62443 certification.
IEC 62443 is an international series of standards that address cybersecurity for operational technology in automation and control systems. The standard describes both technical and process-related aspects of automation and control systems cybersecurity. The purpose of the standard is to help suppliers, system integrators, and manufacturers comply with process requirements and to address security concerns along the supply chain.
Before certification, an assessment must be conducted. There are two possibilities: (1) self-assessment and (2) third-party assessment.
To assess the current state of cybersecurity for operational technology in automation and control systems, we follow:
Requirements for development processes
Requirements for product/component
Requirements for systems
Tools we use for the IEC 62443 compliance analysis:
Threat model visualization to identify cybersecurity threats (STRIDE methodology)
Security risk structuring to classify exploits and attack vectors (MITRE ICS Matrix)
Software composition analysis to identify and manage open-source components and potential security vulnerabilities in code (Polaris Black Duck)
Static analysis of product source code to detect and fix code defects and ensure code quality and security (Polaris Coverity Scan)
Proekspert supports industrial device manufacturing companies with the self-assessment or third-party assessment needed when preparing for IEC 62443 certification.
Results of the assessment services:
Among other things, we can also help you prepare for the EU CRA:
Discover how Shield-IoT enables organizations to monitor and secure any IoT device, application and network
Our experienced engineers can help assess cyber risks concerning your product. Leave your contact details below, and let's have a quick online call to see if we are the right partner for you.