IEC TS 62443-1-5-2023 PDF

Full title and description

St IEC TS 62443-1-5-2023 — Security for industrial automation and control systems — Part 1-5: Scheme for IEC 62443 security profiles. This technical specification defines a scheme and requirements for creating, selecting and documenting IEC 62443 security profiles to support comparability of assessed IEC 62443 requirements (e.g., for conformity assessment and profile publication).

Abstract

IEC TS 62443-1-5:2023 specifies a scheme for defining IEC 62443 security profiles and sets requirements for profile content, selection, contextual mapping, maturity and security level declaration, risk evaluation of the profile, and permitted document types. The document is intended to support the development and publication of dedicated IEC 62443 security profiles as a sub‑series and to help interested parties achieve comparability in conformity assessment.

General information

• Status: Published.
• Publication date: 15 September 2023.
• Publisher: International Electrotechnical Commission (IEC) — Technical Committee TC 65.
• ICS / categories: 25.040.40 (Industrial process measurement and control).
• Edition / version: Edition 1.0 (IEC TS 62443-1-5:2023).
• Number of pages: 16 pages (electronic publication).

Scope

This Technical Specification establishes a structured scheme and mandatory requirements for the preparation and publication of IEC 62443 security profiles. It applies to security profiles that are intended to form a dedicated sub-series of IEC 62443 profile documents and focuses on ensuring that profiles: describe their context and selection of requirements, do not introduce new or modified base requirements, declare maturity and security level, and include a security risk evaluation of the profile. The primary aim is to enable comparable, repeatable use of profiles in specification and conformity assessment activities.

Key topics and requirements

• Definition and required content of an IEC 62443 security profile (PR.01: Security profile content).
• Selection rules for choosing applicable IEC 62443 requirements (PR.02: Selection).
• Contextual mapping of profile requirements to operational context and assets (PR.03: Contextual mapping).
• Prohibition on adding new technical requirements or altering existing IEC 62443 requirements (PR.04 / PR.05).
• Statement of profile maturity and declared security level (PR.06 / PR.07).
• Requirement for a security risk evaluation of the profile and guidance for document type and format (PR.08 / PR.09).

Typical use and users

Primary users are asset owners, integrators, product suppliers and conformity assessment bodies that need standardized, comparable security profiles for specifying, assessing or certifying industrial automation and control systems (IACS). Typical uses include creating industry- or application-specific security profiles, tailoring project specifications, supporting third-party assessments, and enabling consistent interpretation of IEC 62443 requirements across similar deployments.

Related standards

IEC TS 62443-1-5 is part of the IEC 62443 family (Security for industrial automation and control systems). Related and commonly referenced parts include IEC 62443-1-1 (concepts and models), 62443-1-2 (glossary), 62443-2-x (policies and procedures for asset owners and service providers), 62443-3-x (system design and system requirements, e.g., 3-3), and 62443-4-x (secure product development and component requirements, e.g., 4-1 and 4-2). The profile scheme defined in 1-5 is intended to be used in conjunction with these parts when producing profile documents for specific industries or use cases.

Keywords

IEC TS 62443-1-5, security profile, IEC 62443, IACS, scheme, profile maturity, security level, conformity assessment, industrial cybersecurity, asset owner, integrator.

FAQ

Q: What is this standard?

A: IEC TS 62443-1-5:2023 is a Technical Specification that defines a scheme and mandatory requirements for the creation and publication of IEC 62443 security profiles used in industrial automation and control systems.

Q: What does it cover?

A: It covers the required structure and content of security profiles, selection and mapping of IEC 62443 requirements to context, rules preventing changes to base requirements, declarations of profile maturity and security level, and the need for a profile-specific security risk evaluation.

Q: Who typically uses it?

A: Asset owners, system integrators, product and service suppliers, standards authors and conformity assessment bodies use this TS to develop and evaluate IEC 62443 security profiles for particular industries or applications.

Q: Is it current or superseded?

A: As published, IEC TS 62443-1-5:2023 is the current edition (Edition 1.0, published 15 Sept 2023). The IEC webstore lists stability targets and edition information; check IEC publications for updates or subsequent editions after 2023.

Q: Is it part of a series?

A: Yes — it is part of the IEC 62443 series (Security for industrial automation and control systems). Part 1-5 specifically addresses the profiles sub‑series and is intended to be used alongside other 62443 parts (1-1, 2-x, 3-x, 4-x, etc.).

Q: What are the key keywords?

A: Security profile, IEC 62443, IACS, profile scheme, maturity level, security level, conformity assessment, industrial cybersecurity.