GB/T 42445-2023 Active National standards

GB/T 42445-2023 Security for industrial automation and control systems—Patch management in the IACS environment

Publish Date: 2023-03-17 Implement Date: 2023-10-01 For services related to genuine standard inquiry, procurement, translation, and other related services in China, please Contact Us

Basic Information

Standard Code: GB/T 42445-2023

Standard Type: National standards

Standard Status: Active

is_force_gb: no

CCS Name: Industrial automation instrumentation and control devices

ICS Name: Industrial automation systems

Publish Date: 2023-03-17

Implement Date: 2023-10-01

Pages: 55 pages

Scope

This document describes the requirements for asset owners and IACS product suppliers who have already established and are maintaining patch management plans for industrial automation and control systems (IACS). The document recommends a well-defined format for asset owners and IACS product suppliers to distribute security patch information, and defines a number of related activities such as the development of patch information by IACS product suppliers and the deployment and installation of patches by asset owners. The defined exchange format and activities are primarily used for security-related patches. The exchange format and activities are defined for security-related patches, but may also be applied to non-security-related patches or updates. This document does not distinguish between operating system (OS), application, or device patches, nor does it distinguish between product suppliers that provide infrastructure components or IACS applications. Instead, it provides guidance applicable to all patches for IACS. Additionally, patch types can be used to address defects, reliability issues, operability issues, or security vulnerabilities.