
IEC 62443-3-3: Industrial Automation and Control Systems Security

International standard for industrial automation and control system (IACS) cybersecurity. Part 3-3 defines system security requirements (SRs) grouped under seven foundational requirements (FRs): identification and authentication control, use control, system integrity, data confidentiality, restricted data flow, timely response to events, and resource availability. The mappings below reference those SRs as "3-3 SR x.y"; a few controls map instead to the security program requirements of IEC 62443-2-1, referenced as "2-1 x.y".

Controls: 57
Total Mappings: 75
Publisher: ISA/IEC
Version: 2013

AC Access Control

Control | Name | IEC 62443 References
AC-02 | Account Management | 3-3 SR 1.3
AC-03 | Access Enforcement | 3-3 SR 2.1, 3-3 SR 4.1
AC-04 | Information Flow Enforcement | 3-3 SR 2.1, 3-3 SR 5.1
AC-05 | Separation Of Duties | 3-3 SR 1.3
AC-06 | Least Privilege | 3-3 SR 1.3, 3-3 SR 2.1

AU Audit and Accountability

Control | Name | IEC 62443 References
AU-02 | Auditable Events | 3-3 SR 2.8
AU-03 | Content Of Audit Records | 3-3 SR 2.8
AU-04 | Audit Storage Capacity | 3-3 SR 2.9, 3-3 SR 7.2
AU-05 | Response To Audit Processing Failures | 3-3 SR 2.9
AU-06 | Audit Monitoring, Analysis, And Reporting | 3-3 SR 6.1
AU-08 | Time Stamps | 3-3 SR 2.11
AU-09 | Protection Of Audit Information | 3-3 SR 6.1
AU-12 | Audit Record Generation | 3-3 SR 2.8

CA Security Assessment and Authorization

Control | Name | IEC 62443 References
CA-05 | Plan Of Action And Milestones | 2-1 4.4
CA-07 | Continuous Monitoring | 3-3 SR 6.2

CM Configuration Management

Control | Name | IEC 62443 References
CM-02 | Baseline Configuration | 3-3 SR 7.6
CM-06 | Configuration Settings | 3-3 SR 7.6
CM-07 | Least Functionality | 3-3 SR 7.6, 3-3 SR 7.7
CM-14 | Signed Components | 3-3 SR 3.1, 3-3 SR 3.4

CP Contingency Planning

Control | Name | IEC 62443 References
CP-02 | Contingency Plan | 3-3 SR 7.2
CP-06 | Alternate Storage Site | 3-3 SR 7.3
CP-09 | Information System Backup | 3-3 SR 7.3
CP-10 | Information System Recovery And Reconstitution | 3-3 SR 7.3, 3-3 SR 7.4

IA Identification and Authentication

Control | Name | IEC 62443 References
IA-02 | User Identification And Authentication | 3-3 SR 1.1
IA-03 | Device Identification And Authentication | 3-3 SR 1.2
IA-05 | Authenticator Management | 3-3 SR 1.1, 3-3 SR 1.5, 3-3 SR 1.7
IA-08 | Identification and Authentication (Non-Organizational Users) | 3-3 SR 1.1
IA-09 | Service Identification and Authentication | 3-3 SR 1.2

IR Incident Response

Control | Name | IEC 62443 References
IR-04 | Incident Handling | 3-3 SR 7.4

PL Planning

Control | Name | IEC 62443 References
PL-09 | Central Management | 2-1 4.2
PL-10 | Baseline Selection | 3-3 SR 7.6
PL-11 | Baseline Tailoring | 3-3 SR 7.6

PM Program Management

Control | Name | IEC 62443 References
PM-01 | Information Security Program Plan | 2-1 4.2
PM-02 | Information Security Program Leadership Role | 2-1 4.2
PM-03 | Information Security and Privacy Resources | 2-1 4.2
PM-09 | Risk Management Strategy | 2-1 4.2, 2-1 4.4

RA Risk Assessment

Control | Name | IEC 62443 References
RA-01 | Risk Assessment Policy And Procedures | 2-1 4.3
RA-02 | Security Categorization | 2-1 4.3
RA-03 | Risk Assessment | 2-1 4.3, 2-1 4.4
RA-05 | Vulnerability Scanning | 2-1 4.3
RA-07 | Risk Response | 2-1 4.3, 2-1 4.4
RA-09 | Criticality Analysis | 2-1 4.3

SC System and Communications Protection

Control | Name | IEC 62443 References
SC-05 | Denial Of Service Protection | 3-3 SR 7.1, 3-3 SR 7.2
SC-06 | Resource Priority | 3-3 SR 7.2
SC-07 | Boundary Protection | 3-3 SR 5.1, 3-3 SR 5.2
SC-08 | Transmission Integrity | 3-3 SR 3.1, 3-3 SR 4.1
SC-18 | Mobile Code | 3-3 SR 2.4
SC-24 | Fail in Known State | 3-3 SR 7.1, 3-3 SR 7.4
SC-28 | Protection of Information at Rest | 3-3 SR 4.1
SC-32 | System Partitioning | 3-3 SR 5.1
SC-45 | System Time Synchronization | 3-3 SR 2.11
SC-46 | Cross Domain Policy Enforcement | 3-3 SR 5.1, 3-3 SR 5.2
SC-48 | Sensor Relocation | 3-3 SR 6.2

SI System and Information Integrity

Control | Name | IEC 62443 References
SI-04 | Information System Monitoring Tools And Techniques | 3-3 SR 6.2
SI-07 | Software And Information Integrity | 3-3 SR 3.1, 3-3 SR 3.4
SI-10 | Information Accuracy, Completeness, Validity, And Authenticity | 3-3 SR 3.5
SI-16 | Memory Protection | 3-3 SR 3.4