Second ISA99 Standard Gets ANSI Approval

The new ANSI/ISA standard covers policies, procedures, practices and personnel issues involved in setting up a cyber security management system.

The International Society for Automation (ISA, www.isa.org) announced on Feb 5 that a second standard in the ISA99 series Security for Industrial Automation and Control Systems has been approved by the American National Standards Institute (ANSI).

The new standard, ANSI/ISA-99.02.01-2009, Establishing an Industrial Automation and Control Systems Security Program, describes elements to set up a cyber security management system and provides guidance on how to meet the requirements for each element. Topics include policies, procedures, practices, and personnel.

“The great value of this standard is that it draws together the best thinking on industrial cyber security management from experts at leading companies and organizations across the globe,” says Jim Gilsinn, an electrical engineer at the Manufacturing Systems Laboratory of the U.S. National Institute of Standards and Technology, Gaithersburg, Md. Gilsinn served as the lead editor for the standard.

Second in line

The new standard follows last year’s publication of the first standard in the series, ANSI/ISA-99.00.01, which serves as the basis of all standards in the ISA99 series by presenting key concepts, terminology, and models. Additional ISA99 standards under development will cover how to operate a security program after it is designed and implemented, and technical security requirements for industrial automation and control systems.

As American National Standards, the ISA99 series serves as the foundation for the International Electrotechnical Commission’s IEC 62443 series of the same titles, as being developed by IEC TC65 WG10, “Security for industrial process measurement and control - Network and system security.”

International Society of Automation
www.isa.org

More in Control