IEC 62443-3-3 Industrial communication networks – Network and system security.pdf
Uploaded 2023-01-10 10:42:47, 1.67 MB PDF, 83 pages
IEC 62443-3-3
Edition 1.0 2013-08
INTERNATIONAL
STANDARD
Industrial communication networks – Network and system security –
Part 3-3: System security requirements and security levels
IEC 62443-3-3:2013(E)
THIS PUBLICATION IS COPYRIGHT PROTECTED
Copyright © 2013 IEC, Geneva, Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester.
If you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publication,
please contact the address below or your local IEC member National Committee for further information.
IEC Central Office, 3, rue de Varembé, CH-1211 Geneva 20, Switzerland
Tel.: +41 22 919 02 11
Fax: +41 22 919 03 00
info@iec.ch
www.iec.ch
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.
About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigenda or an amendment might have been published.
Useful links:
IEC publications search - www.iec.ch/searchpub
The advanced search enables you to find IEC publications
by a variety of criteria (reference number, text, technical
committee,…).
It also gives information on projects, replaced and
withdrawn publications.
IEC Just Published - webstore.iec.ch/justpublished
Stay up to date on all new IEC publications. Just Published
details all new publications released. Available on-line and
also once a month by email.
Electropedia - www.electropedia.org
The world's leading online dictionary of electronic and
electrical terms containing more than 30 000 terms and
definitions in English and French, with equivalent terms in
additional languages. Also known as the International
Electrotechnical Vocabulary (IEV) on-line.
Customer Service Centre - webstore.iec.ch/csc
If you wish to give us your feedback on this publication
or need further assistance, please contact the
Customer Service Centre: csc@iec.ch.
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
ICS 25.040.40; 35.110
ISBN 978-2-8322-1036-9
PRICE CODE XC
® Registered trademark of the International Electrotechnical Commission
Warning! Make sure that you obtained this publication from an authorized distributor.
– 2 – 62443-3-3 © IEC:2013(E)
CONTENTS
FOREWORD
0 Introduction
    0.1 Overview
    0.2 Purpose and intended audience
    0.3 Usage within other parts of the IEC 62443 series
1 Scope
2 Normative references
3 Terms, definitions, abbreviated terms, acronyms, and conventions
    3.1 Terms and definitions
    3.2 Abbreviated terms and acronyms
    3.3 Conventions
4 Common control system security constraints
    4.1 Overview
    4.2 Support of essential functions
    4.3 Compensating countermeasures
    4.4 Least privilege
5 FR 1 – Identification and authentication control
    5.1 Purpose and SL-C(IAC) descriptions
    5.2 Rationale
    5.3 SR 1.1 – Human user identification and authentication
        5.3.1 Requirement
        5.3.2 Rationale and supplemental guidance
        5.3.3 Requirement enhancements
        5.3.4 Security levels
    5.4 SR 1.2 – Software process and device identification and authentication
        5.4.1 Requirement
        5.4.2 Rationale and supplemental guidance
        5.4.3 Requirement enhancements
        5.4.4 Security levels
    5.5 SR 1.3 – Account management
        5.5.1 Requirement
        5.5.2 Rationale and supplemental guidance
        5.5.3 Requirement enhancements
        5.5.4 Security levels
    5.6 SR 1.4 – Identifier management
        5.6.1 Requirement
        5.6.2 Rationale and supplemental guidance
        5.6.3 Requirement enhancements
        5.6.4 Security levels
    5.7 SR 1.5 – Authenticator management
        5.7.1 Requirement
        5.7.2 Rationale and supplemental guidance
        5.7.3 Requirement enhancements
        5.7.4 Security levels
    5.8 SR 1.6 – Wireless access management
        5.8.1 Requirement
        5.8.2 Rationale and supplemental guidance
        5.8.3 Requirement enhancements
        5.8.4 Security levels
    5.9 SR 1.7 – Strength of password-based authentication
        5.9.1 Requirement
        5.9.2 Rationale and supplemental guidance
        5.9.3 Requirement enhancements
        5.9.4 Security levels
    5.10 SR 1.8 – Public key infrastructure (PKI) certificates
        5.10.1 Requirement
        5.10.2 Rationale and supplemental guidance
        5.10.3 Requirement enhancements
        5.10.4 Security levels
    5.11 SR 1.9 – Strength of public key authentication
        5.11.1 Requirement
        5.11.2 Rationale and supplemental guidance
        5.11.3 Requirement enhancements
        5.11.4 Security levels
    5.12 SR 1.10 – Authenticator feedback
        5.12.1 Requirement
        5.12.2 Rationale and supplemental guidance
        5.12.3 Requirement enhancements
        5.12.4 Security levels
    5.13 SR 1.11 – Unsuccessful login attempts
        5.13.1 Requirement
        5.13.2 Rationale and supplemental guidance
        5.13.3 Requirement enhancements
        5.13.4 Security levels
    5.14 SR 1.12 – System use notification
        5.14.1 Requirement
        5.14.2 Rationale and supplemental guidance
        5.14.3 Requirement enhancements
        5.14.4 Security levels
    5.15 SR 1.13 – Access via untrusted networks
        5.15.1 Requirement
        5.15.2 Rationale and supplemental guidance
        5.15.3 Requirement enhancements
        5.15.4 Security levels
6 FR 2 – Use control
    6.1 Purpose and SL-C(UC) descriptions
    6.2 Rationale
    6.3 SR 2.1 – Authorization enforcement
        6.3.1 Requirement
        6.3.2 Rationale and supplemental guidance
        6.3.3 Requirement enhancements
        6.3.4 Security levels
    6.4 SR 2.2 – Wireless use control
        6.4.1 Requirement
        6.4.2 Rationale and supplemental guidance