The ISA Security Compliance Institute (ISCI, www.isasecure.org) announced on April 27 that it has posted two of three key elements of the ISASecure Embedded Device Security Assessment (EDSA) certification specification on its Web site.
ISASecure certification is intended to be used as a requirement in procurement documents. The ISASecure EDSA certification will provide asset owners with security assurances to a defined level for embedded devices that meet the ISASecure EDSA certification requirements. ISCI developed the ISASecure EDSA certification within the framework of the International Society of Automation’s ISA99 Industrial Automation and Control Systems security standards.
ISASecure EDSA comprises three elements: the Functional Security Assessment (FSA), the Software Development Security Assessment (SDSA), and the device Communication Robustness Testing (CRT). The two elements that ISCI published to its Web site are the FSA and SDSA certification specifications. They are available for download in PDF format. Upon final approval, all of the ISASecure EDSA certification specifications will be available on the ISCI Web site.
ISCI members, seeking to benefit the larger industrial automation controls security community, donated the ISASecure specifications to the ISA99 Standards Committee for consideration in their standards development process. ISCI invites individuals and organizations who desire to provide feedback on the specifications to communicate directly with the ISA99 standards committee. This will enable their input to be vetted via an open-consensus American National Standards Institute (ANSI) Standards process. To provide feedback, visit www.isa.org/ISA99.
The ISASecure program is being established as a globally recognized International Electrotechnical Commission (IEC) Guide 65 conformance scheme, with processes and requirements for accrediting organizations to provide certification services on behalf of ISCI and for recognizing tools authorized for use in CRT certification. Service organizations and test tool suppliers are encouraged to visit www.isasecure.org on June 1, when participation requirements will be posted, the ISCI said.
ISA Security Compliance Institute