IEC TR 62443-2-3-2015 PDF

St IEC TR 62443-2-3-2015

Name in English:
St IEC TR 62443-2-3-2015

Name in Russian:
Ст IEC TR 62443-2-3-2015

Description in English:

Full-version PDF of the original standard IEC TR 62443-2-3-2015. Additional information and a preview are available on request.

Description in Russian:
Full-version PDF of the original standard IEC TR 62443-2-3-2015. Additional information and a preview are available on request.

Document status:
Active

Format:
Electronic (PDF)

Delivery time (for English version):
1 business day

Delivery time (for Russian version):
365 business days

SKU:
stiec08976

Choose Document Language:
€35

Full title and description

Security for industrial automation and control systems - Part 2-3: Patch management in the IACS environment (IEC TR 62443-2-3:2015). This Technical Report describes requirements for asset owners and IACS product suppliers for establishing and maintaining a patch management program, and recommends a defined format and activities for the distribution, development, deployment and installation of security-related (and optionally non-security) patches in IACS environments.

Abstract

IEC TR 62443-2-3:2015 provides guidance and recommended practices for patch management specific to Industrial Automation and Control Systems (IACS). It defines the roles and responsibilities of asset owners and product suppliers, specifies an exchange format for patch information, and outlines activities for patch development, notification, distribution and deployment with the aim of reducing security risk introduced by unpatched vulnerabilities.

General information

  • Status: Published / active (Technical Report).
  • Publication date: 30 June 2015.
  • Publisher: International Electrotechnical Commission (IEC).
  • ICS / categories: 25.040.40; 35.040.40; 35.100.05.
  • Edition / version: Edition 1.0 (2015).
  • Number of pages: 61 pages.

Scope

The report applies to asset owners and IACS product suppliers that have established or are maintaining a patch management programme. It recommends a defined exchange format for patch information between asset owners and product suppliers, and defines activities associated with producing patch information, distributing patch notices and deploying/installing patches. Though focused on security-related patches, the format and processes may also be applied to non-security updates.

Key topics and requirements

  • Requirements for establishing and maintaining an IACS-specific patch management programme for asset owners and product suppliers.
  • Recommended exchange format and content for patch notifications and technical information to support safe deployment.
  • Defined activities for product suppliers to develop patch information (impact, prerequisites, mitigations) and for asset owners to plan, test and deploy patches.
  • Guidance on coordination and communication between stakeholders to minimize operational disruption and security risk.
  • Normative references and cross-references within the IEC 62443 family (for program establishment, terminology and related requirements).

Typical use and users

This Technical Report is used by asset owners (operators of industrial control systems), IACS product suppliers/manufacturers, system integrators, operations and maintenance teams, and cybersecurity or risk-management professionals responsible for patch governance, lifecycle management and secure operations in industrial environments. It supports procurement, vulnerability response and coordinated patch deployment processes.

Related standards

IEC TR 62443-2-3 is part of the IEC 62443 series on industrial automation and control systems security. Commonly referenced parts include IEC 62443-2-1 (establishing an IACS security program), IEC TS 62443-1-1 (terminology and concepts) and other 62443 parts addressing product development and system requirements. The report lists normative references to related 62443 documents and supporting standards.

Keywords

IEC 62443, patch management, IACS, industrial control systems, cybersecurity, vulnerability management, asset owner, product supplier, patch notification, patch deployment.

FAQ

Q: What is this standard?

A: IEC TR 62443-2-3:2015 is a Technical Report in the IEC 62443 family that provides guidance and recommended practices for patch management in industrial automation and control systems (IACS).

Q: What does it cover?

A: It covers requirements and recommended activities for asset owners and product suppliers related to the creation, exchange, notification, testing and deployment of patches — primarily security patches — within IACS environments, including a recommended exchange format for patch information.

Q: Who typically uses it?

A: Asset owners/operators of industrial control systems, IACS product suppliers and manufacturers, system integrators, operations/maintenance teams, cybersecurity teams and auditors use this report to design and run patch management processes aligned to industrial constraints.

Q: Is it current or superseded?

A: IEC TR 62443-2-3:2015 was published on 30 June 2015 and is published/active; IEC lists a stability date through 2027, so as of 26 February 2026 it remains the published Technical Report for this topic (not formally superseded). Users should confirm any amendments or newer parts in the 62443 series before relying on it for procurement or compliance.

Q: Is it part of a series?

A: Yes — it is part of the IEC 62443 series addressing security for industrial automation and control systems. The series includes foundational, program-level, product development and system-level documents (for example IEC 62443-1-1, 62443-2-1, 62443-4-1, etc.).

Q: What are the key keywords?

A: Patch management, IACS, IEC 62443, industrial cybersecurity, vulnerability management, patch notification, asset owner, product supplier.