IEC 62443-3-3-2013 cor1-2014 PDF

Full title and description

IEC 62443-3-3:2013/COR1:2014 — Corrigendum 1 to "Industrial communication networks - Network and system security - Part 3-3: System security requirements and security levels". This corrigendum provides corrections and clarifications to the published 2013 edition of IEC 62443-3-3, and is intended to be read together with the base 2013 text to correct editorial and specific technical references.

Abstract

Corrigendum 1 (published April 24, 2014) corrects and clarifies selected passages of IEC 62443-3-3:2013. The corrections address specific security requirement references and some implementation notes so that the control-system security requirements (SRs) and their mapping to foundational requirements (FRs) are clearer for implementers and assessors. The corrigendum is published as a separate short document and is incorporated into later consolidated editions of the standard.

General information

• Status: Published (Corrigendum to IEC 62443-3-3:2013).
• Publication date: 24 April 2014.
• Publisher: International Electrotechnical Commission (IEC).
• ICS / categories: 25.040.40 (Industrial process measurement and control), 35.110 (Networking).
• Edition / version: Corrigendum 1, edition 1.0 (2014).
• Number of pages: 1 (corrigendum document); the underlying IEC 62443-3-3:2013 main standard is an 80-page publication.

Scope

IEC 62443-3-3 (with its April 2014 corrigendum) provides detailed technical control-system security requirements (security requirements, SRs) associated with the seven foundational requirements (FRs) defined in IEC 62443‑1‑1. It defines the control-system capability security levels (SL‑C) and the SRs that system designers, integrators and assessors use when developing target and achieved security levels for IACS zones and conduits. The corrigendum supplies corrections to the published 2013 text and should be applied when using the 2013 edition.

Key topics and requirements

• Mapping of seven foundational requirements (FRs) to concrete system security requirements (SRs) for industrial automation and control systems (IACS).
• Definition and use of control-system capability security levels (SL‑C) to express required security capabilities.
• Zone-and-conduit concept for architecture-based risk segmentation and assignment of SRs.
• Corrections/clarifications to specific clauses and tables in the 2013 text (examples include updates referenced to clause 7.6.4 and SR 3.4 entries in Table B.1). These corrections are editorial/clarificatory in nature but affect how a few SRs are read and applied.
• Technical controls examples covering access control, authentication, patching/secure maintenance, integrity protection, and boundary defense tailored for control-system environments.

Typical use and users

The corrigendum is used by organizations and professionals who reference IEC 62443-3-3:2013 (system security requirements) — specifically system architects, control-system integrators, cybersecurity assessors, asset owners/operators of industrial control systems (IACS), and standards libraries. Users apply the corrigendum to ensure they interpret the 2013 requirements correctly; note that many practitioners now use the 2019 consolidated edition when available.

Related standards

This document is part of the IEC 62443 series (industrial automation and control systems security). Closely related parts include IEC 62443-1-1 (terminology and concepts), IEC 62443-2-1 (security program requirements for IACS service providers), and other technical parts such as IEC 62443-4-1 and 4-2 (secure product development and component requirements). The 2013 edition (with corrigendum) was later consolidated/updated in IEC 62443-3-3:2019; users seeking the most recent consolidated requirements should consult the 2019 edition and its corrections.

Keywords

IEC 62443, 62443-3-3, corrigendum, industrial control systems, IACS, system security requirements, security levels, SL‑C, zones and conduits, control-system cybersecurity.

FAQ

Q: What is this standard?

A: It is Corrigendum 1 (2014) to IEC 62443-3-3:2013 — a short published correction document that modifies and clarifies selected parts of the 2013 "System security requirements and security levels" standard.

Q: What does it cover?

A: The corrigendum corrects editorial or technical reference errors in the 2013 edition so readers correctly apply the specified system security requirements (SRs), the mapping to foundational requirements, and example guidance found in the main text. It does not replace the full standard; it must be read together with IEC 62443-3-3:2013.

Q: Who typically uses it?

A: System architects, control-system integrators, cybersecurity assessors, equipment vendors, and asset owners/operators who implement or audit IACS security and who reference IEC 62443-3-3:2013 for system-level technical requirements.

Q: Is it current or superseded?

A: The corrigendum remains the official correction to the 2013 edition, but the IEC 62443-3-3 document was later revised and reissued as IEC 62443-3-3:2019 (a consolidated newer edition). For current consolidated requirements, organizations commonly reference the 2019 edition and its associated corrections. Consult national or IEC catalogues for the most recent status in your region.

Q: Is it part of a series?

A: Yes — it is part of the IEC 62443 series on industrial automation and control systems security. The series includes foundational, program-level, and product/development parts (for example IEC 62443-1-1, -2-1, -3-3, -4-1, -4-2). The corrigendum applies specifically to part 3-3 (2013 edition).

Q: What are the key keywords?

A: Industrial control systems, IACS, system security requirements, security levels, SL‑C, corrigendum, IEC 62443, zones and conduits, control-system cybersecurity.