IEC 62443-3-3: Industrial Automation and Control Systems Security
International standard for industrial automation and control system (IACS) cybersecurity. Part 3-3 defines system security requirements (SRs) grouped under 7 foundational requirements (FRs): identification and authentication control, use control, system integrity, data confidentiality, restricted data flow, timely response to events, and resource availability.
| Clause | Title | SP 800-53 Controls |
|---|---|---|
| 2-1 4.2 | Security management system | |
| 2-1 4.3 | Security risk assessment | |
| 2-1 4.4 | Addressing risk with the security management system | |
| 3-3 SR 1.1 | Human user identification and authentication | |
| 3-3 SR 1.2 | Software process and device identification and authentication | |
| 3-3 SR 1.3 | Account management | |
| 3-3 SR 1.5 | Authenticator management | |
| 3-3 SR 1.7 | Strength of password-based authentication | |
| 3-3 SR 2.1 | Authorization enforcement | |
| 3-3 SR 2.4 | Mobile code | |
| 3-3 SR 2.8 | Auditable events | |
| 3-3 SR 2.9 | Audit storage capacity | |
| 3-3 SR 2.11 | Timestamps | |
| 3-3 SR 3.1 | Communication integrity | |
| 3-3 SR 3.4 | Software and information integrity | |
| 3-3 SR 3.5 | Input validation | |
| 3-3 SR 4.1 | Information confidentiality | |
| 3-3 SR 5.1 | Network segmentation | |
| 3-3 SR 5.2 | Zone boundary protection | |
| 3-3 SR 6.1 | Audit log accessibility | |
| 3-3 SR 6.2 | Continuous monitoring | |
| 3-3 SR 7.1 | Denial of service protection | |
| 3-3 SR 7.2 | Resource management | |
| 3-3 SR 7.3 | Control system backup | |
| 3-3 SR 7.4 | Control system recovery and reconstitution | |
| 3-3 SR 7.6 | Network and security configuration settings | |
| 3-3 SR 7.7 | Least functionality | |