Object Management Group
Industry IoT Consortium and International Society of Automation Help Companies Secure Industrial Automation & Control Systems
IoT Security Maturity Model: 62443 Mappings for Asset Owners and Product Suppliers Published
BOSTON, MA – MAY 5, 2022 – The Industry IoT Consortium® (IIC™) and the International Society of Automation™ announced the IoT Security Maturity Model (SMM): 62443 Mappings for Asset Owners and Product Suppliers. “This new guidance extends the previously published IoT Security Maturity Model (SMM): Practitioner’s Guide to provide mappings to existing 62443 standards and specific guidance for the asset owner and product supplier roles,” said Ron Zahavi, Chief Strategist for IoT standards at Microsoft and IoT SMM co-author.
The IIC IoT SMM helps organizations choose their security target state and determine their current security state. By repeatedly comparing the target and current states, organizations can identify where they can make further improvements.
The ISA99 committee developed the 62443 series of standards, which the International Electrotechnical Commission (IEC) adopted. The standards address current and future vulnerabilities in Industrial Automation and Control Systems (IACS) and apply necessary mitigation systematically and defensibly. The ISA/IEC 62443 standards focus on maturity but only on the maturity of security programs and processes.
“Achieving security maturity targets can be difficult to put into practice without concrete guidance,” said Frederick Hirsch, co-chair of the IIC ISA/IIC Contributing Group. "These 62443 mappings enable practitioners to better achieve security maturity by relating IIC IoT SMM practice comprehensiveness levels to ISA/IEC 62443 requirements. In this way, IACS asset owners and product suppliers can achieve appropriate maturity targets more easily."
Eric Cosman, co-chair of the ISA99, said, "While standards such as ISA/IEC 62443 are needed to codify proven and accepted engineering practices, they are seldom sufficient. Joint efforts such as this provide the practical guidance necessary to promote and support their adoption."
Pierre Kobes, a member of both ISA99 and IEC Technical Committee 65, said, “It is not about more security but about implementing the appropriate security measures. IoT SMM: 62443 Mappings for Asset Owners and Product Suppliers helps companies select the adequate security levels commensurate with their expected level of risk.”
You can download IoT SMM: 62443 Mappings for Asset Owners and Product Suppliers from IIC and ISA websites. You will find a complete list of the contributing authors in the document. Work is underway to add the service provider role to the document in a future revision.
About the International Society of Automation
The International Society of Automation (ISA) is a non-profit professional association of engineers, technicians, and management engaged in industrial automation. As the globally trusted provider of foundational standards-based technical resources for the profession, ISA strives to build a better world through automation.
About Digital Twin Consortium
Digital Twin Consortium is The Authority in Digital Twin. It coalesces industry, government, and academia to drive consistency in vocabulary, architecture, security, and interoperability of digital twin technology. It advances digital twin technology in many industries, from Aerospace to natural resources. Digital Twin Consortium is a program of Object Management Group. For more information, visit https://www.digitaltwinconsortium.org.
Note to editors: Digital Twin Consortium is a registered trademark of OMG. See listing of all OMG trademarks. All other trademarks are the property of their respective owners.