IEC TR 62541-2-2020 PDF
Name in English:
St IEC TR 62541-2-2020
Name in Russian:
Ст IEC TR 62541-2-2020
Original standard IEC TR 62541-2-2020, full version in PDF. Additional information and a preview are available on request.
Full title and description
St IEC TR 62541-2-2020 — OPC Unified Architecture (OPC UA) - Part 2: Security Model. This Technical Report describes the OPC UA security model, including threat considerations for physical, hardware and software environments, how OPC UA relies on other standards for security, common security terms used throughout the OPC UA parts, an overview of security features specified in other OPC UA parts, and implementation guidance and best practices for secure deployment.
Abstract
IEC TR 62541-2:2020 explains the security architecture for OPC UA: it defines terminology, summarizes threats and mitigation approaches, references normative security services and profiles in other OPC UA parts, and offers suggestions and best-practice guidance for implementers and integrators to achieve secure OPC UA deployments. It is intended as guidance; any normative requirements remain in the other normative parts of the OPC UA specification.
General information
- Status: Replaced / withdrawn (replaced by IEC 62541-2:2026; withdrawal date 12 February 2026).
- Publication date: 17 November 2020.
- Publisher: International Electrotechnical Commission (IEC).
- ICS / categories: 25.040.40 (Industrial automation systems); 35.100.01 (Interconnection of systems).
- Edition / version: Edition 3.0 (IEC TR 62541-2:2020).
- Number of pages: 48 pages.
Key bibliographic and status details above are based on the IEC publication record for IEC TR 62541-2:2020 and its replacement by the 2026 edition.
Scope
This part of IEC 62541 provides a descriptive and explanatory treatment of the OPC UA security model: it identifies security threats relevant to OPC UA deployments, explains the roles of authentication, authorization, confidentiality and integrity in OPC UA, describes how OPC UA leverages external standards (for example TLS, PKI, JWT where applicable), defines common security terminology used across the OPC UA parts, and highlights which security features are specified normatively in other parts of the OPC UA specification. It also gives implementation and deployment considerations and suggested best practices.
Key topics and requirements
- OPC UA security architecture and model (security goals, trust model, security endpoints).
- Threat analysis for environments where OPC UA is used (physical, hardware, software threats).
- Authentication methods and identity management (certificates, tokens, user identity tokens).
- Authorization concepts and role/permission considerations.
- Confidentiality and integrity mechanisms (encryption, signatures, transport security such as TLS).
- Profiles, mappings and references to normative services in other OPC UA parts.
- Implementation guidance and recommended best practices for secure deployment and lifecycle management (certificate handling, key management, secure configuration).
Typical use and users
Primary users are OPC UA implementers (software and device vendors), system integrators, automation and control engineers, cybersecurity professionals assessing industrial systems, test and certification bodies, and architects designing industrial-IT/OT integration. The report is used to understand the OPC UA security rationale, to guide secure implementations, and to inform deployment policies and security assessments.
Related standards
IEC TR 62541-2:2020 is one part of the IEC 62541 (OPC UA) multi-part specification. Related parts include (but are not limited to) Part 1 (Overview and concepts), Part 3 (Address Space Model), Part 4 (Services), Part 5 (Information Model), Part 6 (Mappings), Part 7 (Profiles), Part 12 (Discovery and global services) and Part 14 (PubSub). Many of these parts provide the normative services, mappings and profiles that this Technical Report references.
Keywords
OPC UA, IEC 62541, security model, threat analysis, authentication, authorization, encryption, certificates, PKI, TLS, profiles, best practices, industrial cybersecurity.
FAQ
Q: What is this standard?
A: IEC TR 62541-2:2020 is the Technical Report titled "OPC Unified Architecture - Part 2: Security Model" that explains and documents the OPC UA security model and provides implementation guidance and best practices.
Q: What does it cover?
A: It covers the OPC UA security architecture, threat considerations for OPC UA environments, common security terminology, how OPC UA depends on other standards for security, and suggestions for secure implementation and deployment; it references normative requirements contained in other OPC UA parts.
Q: Who typically uses it?
A: OPC UA product vendors, system integrators, automation engineers, cybersecurity assessors, and certification/test organizations use it to guide secure OPC UA implementations and deployments.
Q: Is it current or superseded?
A: IEC TR 62541-2:2020 has been replaced by a later edition (IEC 62541-2:2026). The 2020 Technical Report was withdrawn (withdrawal date recorded as 12 February 2026) and superseded by the 2026 revision. Users seeking the current normative guidance should consult the 2026 edition.
Q: Is it part of a series?
A: Yes — it is Part 2 of the IEC 62541 (OPC UA) multi-part specification. Other Parts cover overview/concepts, address space, services, information models, mappings, profiles, PubSub and additional functional areas of OPC UA.
Q: What are the key keywords?
A: OPC UA, security model, encryption, authentication, authorization, certificates, PKI, TLS, threat model, profiles, best practices.