ISA releases industrial cyber security management standard

ANSI has approved a second standard in the ISA99 Security for Industrial Automation and Control Systems series. The new standard describes cyber security management criteria, including policies, procedures, practices and personnel.

By Plant Engineering Staff February 10, 2009

A second standard in the ISA99 series Security for Industrial Automation and Control Systems has been approved by the American National Standards Institute (ANSI). The new standard, ANSI/ISA-99.02.01-2009, Establishing an Industrial Automation and Control Systems Security Program , describes elements to set up a cyber security management system and provides guidance on how to meet the requirements for each element. Topics include policies, procedures, practices and personnel.
“The great value of this standard is that it draws together the best thinking on industrial cyber security management from experts at leading companies and organizations across the globe,” said Jim Gilsinn of the U.S. National Institute of Standards and Technology (NIST). Gilsinn served as the lead editor for the standard.
The new standard follows last year’s publication of the first standard in the series, ANSI/ISA-99.00.01, which serves as the basis of all standards in the ISA99 series by presenting key concepts, terminology and models. Additional ISA99 standards under development will cover how to operate a security program after it is designed and implemented, and technical security requirements for industrial automation and control systems.
As American National Standards, the ISA99 series serves as the foundation for the IEC 62443 series of the same titles, which is being developed by IEC TC65 WG10, Security for industrial process measurement and control — Network and system security .
Also vital in ISA’s industry-leading work in cyber security for industrial automation and control systems is the ISA Security Compliance Institute. The Institute will identify and promote security standards-compliant products and systems in industrial applications. Compliant products or systems will be entitled to carry the ISASecure designation, providing instant recognition of the security characteristics to asset owners, integrators, and the buying public.
Standards may be obtained at www.isa.org/standards . For more information, visit www.isa.org/ISASecure .