CG1310-CovStry-Cert
CG1310-CovStry-Cert
CG1310-CovStry-Cert
CG1310-CovStry-Cert
CG1310-CovStry-Cert

Seeking ISASecure Certification

Oct. 15, 2013
ISA Has Developed ISASecure Certification Program
About the Author
Jim Montague is the Executive Editor at Control, Control Design and Industrial Networking magazines. Jim has spent the last 13 years as an editor and brings a wealth of automation and controls knowledge to the position. For the past eight years, Jim worked at Reed Business Information as News Editor for Control Engineering magazine. Jim has a BA in English from Carleton College in Northfield, Minnesota, and lives in Skokie, Illinois.

Check Out Montague's Google+ profile.

Besides its longstanding ISA99 standard, the ISA's Security Compliance Institute (ISCI) recently developed and launched its ISASecure Certification program.

"ISCI is a consortium of asset owners, suppliers and industry organizations formed in 2007 under the ISA Automation Standards Compliance Institute (ASCI)," says Leigh Weber, CISSP, senior security engineer at exida Consulting in Sellerville, Pa. "Its mission is to establish a set of well-engineered specifications and processes for testing and certifying critical control systems products, as well as decrease the time, cost and risk of developing, acquiring, and deploying control systems by establishing a collaborative industry-based program among asset owners, suppliers and other stakeholders."

Similar to well-know safety integrity level (SIL) certifications, ISASecure is a recognizable designation that suppliers can achieve for their products by allowing them to be thoroughly tested.

ISASecure is an Embedded Device Security Assurance (EDSA) certification, and its evaluation process has three steps. A supplier submits device to an ANSI A-CLASS charted lab, and the lab:

  • Physically evaluates device for functional security (FSA)
  • Conducts communication robustness test (CRT) using ISCI-approved test tools; and
  • Completes supplier audit (SDSA) on software development practices.

"These devices get every kind of malformed bit stream thrown at them to see, and then the lab sees if they're still standing when it's over," adds Weber. "Then, the lab issues a final assessment report and certification upon successful test and audit. The next step is for ISASecure is System Security Assurance to look at security across whole systems, and it's being developed now."

About the Author

Jim Montague | Executive Editor

Jim Montague is executive editor of Control.