
How Cyolo Helps You Achieve Compliance: ISA/IEC 62443

A key standard for organizations with an operational technology environment is ISA/IEC 62443, a series of international standards and technical reports for industrial automation and control systems (IACS) security. While organizations will have varying levels of risk and fall into different security levels (SL), each foundational requirement (FR) in ISA/IEC 62443 is widely recognized and adopted by industry professionals and organizations around the world. The system requirements (SR) apply to control systems in IACS environments, and implementing these controls will extend robust security to all critical infrastructure environments.

Cyolo can help achieve any security level of ISA/IEC 62443 compliance by providing reliably fast connections, granular access control, multi-factor authentication (MFA), encryption, continuous monitoring, and compliance reporting capabilities. As companies connect to the control systems of their IACS, Cyolo excels in meeting security challenges and aligning with the ISA/IEC 62443 standards.

How Cyolo Supports ISA/IEC 62443 Compliance

Access Management: Cyolo deploys granular access controls to ensure that only authorized individuals can access IACS. The Cyolo solution provides dynamic, context-based access control policies that can adapt to changing circumstances, such as the user’s location, device type, and the sensitivity of the information being accessed.

Multi-Factor Authentication: Cyolo implements multi-factor authentication (MFA) to ensure that individuals are properly identified and authenticated before being granted access to IACS. Even legacy and offline systems that do not natively support modern authentication protocols can be retrofitted by Cyolo with MFA capabilities.

Encryption: Cyolo encrypts data end to end and never decrypts traffic in its cloud. This makes Cyolo a truly trustless zero-trust access solution, ideal for protecting access to IACS.

Continuous Monitoring: Cyolo continuously monitors and logs user activity to ensure that access to IACS is being used in accordance with applicable corporate policies and regulations.

How Cyolo Helps

Cyolo is a member of the ISA Global Cybersecurity Alliance. The Cyolo solution is designed to give users access to the resources they need while upholding the zero-trust model. It is built to support the real world, allowing companies to protect their entire network. With Cyolo, you can securely access the resources you need to get your work done, while keeping your IACS safe and operational.

Figure 1. Cyolo Zero-Trust Access controls that support compliance with ISA/IEC 62443

Cyolo Alignment with ISA/IEC 62443

62443-3-3.5

FR 1 – IDENTIFICATION AND AUTHENTICATION CONTROL

SR 1.1 – Human user identification and authentication

SR 1.2 – Software process and device identification and authentication

SR 1.3 – Account management

SR 1.4 – Identifier management

SR 1.5 – Authenticator management

SR 1.6 – Wireless access management

SR 1.7 – Strength of password-based authentication

SR 1.8 – Public key infrastructure (PKI) certificates

SR 1.9 – Strength of public key authentication

SR 1.10 – Authenticator feedback

SR 1.11 – Unsuccessful login attempts

SR 1.12 – System use notification

SR 1.13 – Access via untrusted networks

62443-3-3.6

FR 2 – USE CONTROL

SR 2.1 – Authorization enforcement

SR 2.4 – Mobile code

SR 2.6 – Remote session termination

SR 2.8 – Auditable events

SR 2.9 – Audit storage capacity

SR 2.10 – Response to audit processing failures

SR 2.11 – Timestamps

SR 2.12 – Non-repudiation

62443-3-3.7

FR 3 – SYSTEM INTEGRITY

SR 3.1 – Communication integrity

SR 3.2 – Malicious code protection (SL-2)

SR 3.8 – Session integrity

SR 3.9 – Protection of audit information (SL-3)

62443-3-3.8

FR 4 – DATA CONFIDENTIALITY

SR 4.1 – Information confidentiality

62443-3-3.9

FR 5 – RESTRICTED DATA FLOW

SR 5.1 – Network segmentation

SR 5.2 – Zone boundary protection

SR 5.3 – General purpose person-to-person communication restrictions

SR 5.4 – Application partitioning

62443-3-3.10

FR 6 – TIMELY RESPONSE TO EVENTS

SR 6.1 – Audit log accessibility
