
In control systems ... - ipa.go.jp


Toward Building a Security Management System for Control Systems ~ An Approach to Using IEC62443-2-1 ~


Transcription of In control systems ... - ipa.go.jp

1 IEC62443-2-1 1 IPA 4 1 2011/9 2012/12 WG WG ( ) IEC62443-2-1 ISMS(ISO/IEC27001) The author thanks the International Electrotechnical Commission (IEC) for permission to reproduce Information from its International Publication IEC 62443-2-1 ed.

2 (2010-11) All such extracts are copyright of IEC, Geneva, Switzerland. All rights reserved. Further information on the IEC is available from IEC has no responsibility for the placement and context in which the extracts and contents are reproduced by the author, nor is IEC in any way responsible for the other content or accuracy therein. 1 IT 2010 2 1.. 3 .. 3 IEC62443 .. 4 .. 4 .. 5 .. 7 .. 8 .. 8 Annex .. 10 Annex A .. 10 B .. 12 Annex B .. 12 .CSMS .. 12 .. 15 ISO/IEC27001 .. 16 .. 16 .. 20 .. 20 ISA-62443-3-3(IEC62443-3-3) .. 21 .. 21 .. 24 .. 25 1.

3 IEC62443-2-1 AnnexA 2. IEC62443-2-1 ISO27001 3 1. Windows UNIX LAN 10 20 OS 24 365 2010 Stuxnet 4

4 IEC62443 1-1 1-1. EU ESCoRTS 1-2 ISA99 IEC62443 5 IEC62443 1-1 IEC62443 2012 3 draft IEC62443 4 12 IEC62443-1 2 3 4 IEC62443-4-1,2 ISASecure ISCI 2 EDSA.

5 Embedded Device Security Assurance 3 ISCI SSA(System Security Assurance) IEC62443-3 2 ISA Security Compliance Institute: 3 EDSA:

[Figure labels: Energy, Industrial, Details, Completeness, Operator, Manufacturer, Technical Aspects, Management Aspects, Details of Operations, Relevance for Manufacturers. Standards shown: ISA 99*, NIST 800-53, IEC 62351, NERC CIP, ISO 27K, CPNI, IEEE P 1686]

6 CD: Committee Draft
CDV: Committee Draft for Vote
DC: Document for Comments
DTR: Draft Technical Report
NP: New Work Item Proposal
RR: Review Report
IEC: International Electrotechnical Commission
IACS: Industrial Automation and Control Systems
ISA: International Society of Automation
WIB: International Instrument User's Associations

62443-1-1 Terminology, concepts and models Scada
62443-1-2 Master glossary of terms and abbreviations DTR 2012Q3
62443-1-3 System security compliance metrics DTR
an IACS security program CDV 2012Q4 159 ISMS ISO27001
62443-2-2 Operating an IACS security program CDV 2013Q1
62443-2-3 Patch management in the IACS environment DTR 2012Q3
62443-2-4 Certification of IACS supplier security policies and practices CDV
62443-3-1 Security technologies for IACS / / /
62443-3-2 Security assurance levels for zones and conduits CDV
security requirements and security assurance levels 75% CDV 2012Q1

6 62443-4-1 Product development requirements CDV 2013Q1 ISASecure EDSA SDSA
62443-4-2 Technical security requirements for IACS components CDV 2013Q1 ISASecure EDSA FSA

IEC SIer 7 IEC62443 IEC62443-2-1 IT ISO/IEC27001 ISMS Information Security Management System CSMS:Cyber Security Management System IPA IEC62443-2-1 JSA 2012 10 IEC62443-2-1 IEC62443-2-1 ISO27001 IEC62443-2-1 ISA-62443-3-3 (IEC62443-3-3) 4 IPA CSMS IPA IEC62443 ISO/IEC27001 IEC62443-2-1 IEC62443-3-3 IPA IEC62443-2-1 4 ISA-62443-3-3(ISA Work Product List).

7 8 IEC62443-2-1 Establishing an industrial automation and control system security IACS Industrial Automation and Control System CSMS 5 IEC62443-2-1 2-1 4 126 1 Scope 2 Normative references 3 Terms, definitions, abbreviated terms, acronyms, and conventions 4 Elements of a cyber security management system IACS Annex A Guidance for developing the elements of a CSMS IACS Annex B Process to develop a CSMS IACS Annex C Mapping of requirements to ISO/IEC 27001 ISO/IEC 27001 5 9 2-1 IEC62443-2-1 Annex 2-1 ISO/IEC 27000 IEC62443 ISO/IEC27001 IEC62443-2-1 ISO/IEC27002 IEC62443-2-1 Annex A CSMS CSMS IEC62443-2-1 Annex B CSMS CSMS IEC62443-2-1 CSMS IEC62443-2-1 AnnexA Annex 10 Annex Annex A Annex A 4 CSMS Annex A 4

8 2-2 A Description of element Element-specific information Supporting practices Baseline practices Additional practices Resource used Annex A 2-2 Annex A Annex A 126 10 IEC62443-2-1 2-3 11 PSM CSMS 12 B Annex B - Annex A (CSMS) - CSMS.

9 CSMS CSMS 2-2 6 CSMS CSMS CSMS CSMS 13 (1) CSMS CSMS CSMS CSMS (2) (3) 14 (4) CSMS CSMS CSMS CSMS CSMS CSMS (5) (5)

10 15 (6) CSMS CSMS CSMS CSMS CSMS CSMS IEC62443-2-1 CSMS CSMS 16 ISO/IEC27001 IEC62443-2-1 ISO/IEC27001 IEC62443-2-1 ISO/IEC27001 ISMS ISMS CSMS IEC62443-2-1 CSMS