GB/T 40682-2021 Security for industrial automation and control system—Security program requirements for IACS service providers
Basic Information
Scope
This standard defines a series of comprehensive requirements for the security capabilities that IACS service providers can provide to asset owners during the integration and maintenance of automation solutions. Since not all requirements are applicable to all industrial sectors and organizations, Section 4.1.4 provides a subset of these requirements for industry regulations. Industry regulations are used to adapt this standard to specific environments, including those not based on IACS.
Note 1: The term "automation solutions" is used as a proper noun in this standard to avoid confusion with other uses of this term. In this standard, "security" refers to "cybersecurity".
Collectively, the security capabilities provided by IACS service providers are referred to as security procedures. A related specification, IEC 62443-2-1, describes the requirements for asset owners' security management systems.
Note 2: These security capabilities typically refer to policies, procedures, practices, and relevant personnel.
Figure 1 illustrates how integration and maintenance capabilities are related to IACS and control system products integrated into automation solutions. Some capabilities refer to the security measures defined in IEC 62443-3-3, and service providers must ensure that these measures are supported in automation solutions (either included in control system products or added separately to automation solutions).