IEC 62443-3-3 Edition 1.0 2013-08 INTERNATIONAL STANDARD NORME INTERNATIONALE I

IEC 62443-3-3 Edition 1.0 2013-08 INTERNATIONAL STANDARD NORME INTERNATIONALE Industrial communication networks – Network and system security – Part 3-3: System security requirements and security levels Réseaux industriels de communication – Sécurité dans les réseaux et les systèmes – Partie 3-3: Exigences de sécurité des systèmes et niveaux de sécurité INTERNATIONAL ELECTROTECHNICAL COMMISSION COMMISSION ELECTROTECHNIQUE INTERNATIONALE ICS 25.040.40; 35.110 ISBN 978-2-8322-6422-5 ® Registered trademark of the International Electrotechnical Commission Marque déposée de la Commission Electrotechnique Internationale ® Warning! Make sure that you obtained this publication from an authorized distributor. Attention! Veuillez vous assurer que vous avez obtenu cette publication via un distributeur agréé. colour inside This is a preview - click here to buy the full publication – 2 – IEC 62443-3-3:2013 © IEC 2013 CONTENTS CONTENTS ............................................................................................................................ 2 FOREWORD ........................................................................................................................... 9 0 Introduction ................................................................................................................... 11 0.1 Overview............................................................................................................... 11 0.2 Purpose and intended audience ............................................................................ 12 0.3 Usage within other parts of the IEC 62443 series .................................................. 12 1 Scope ............................................................................................................................ 14 2 Normative references .................................................................................................... 14 3 Terms, definitions, abbreviated terms, acronyms, and conventions ................................ 14 3.1 Terms and definitions ............................................................................................ 14 3.2 Abbreviated terms and acronyms .......................................................................... 20 3.3 Conventions .......................................................................................................... 22 4 Common control system security constraints ................................................................. 22 4.1 Overview............................................................................................................... 22 4.2 Support of essential functions ............................................................................... 23 4.3 Compensating countermeasures ........................................................................... 23 4.4 Least privilege ...................................................................................................... 24 5 FR 1 – Identification and authentication control ............................................................. 24 5.1 Purpose and SL-C(IAC) descriptions ..................................................................... 24 5.2 Rationale .............................................................................................................. 24 5.3 SR 1.1 – Human user identification and authentication ......................................... 24 5.3.1 Requirement .................................................................................................. 24 5.3.2 Rationale and supplemental guidance............................................................ 24 5.3.3 Requirement enhancements .......................................................................... 25 5.3.4 Security levels ............................................................................................... 25 5.4 SR 1.2 – Software process and device identification and authentication ................ 26 5.4.1 Requirement .................................................................................................. 26 5.4.2 Rationale and supplemental guidance............................................................ 26 5.4.3 Requirement enhancements .......................................................................... 26 5.4.4 Security levels ............................................................................................... 27 5.5 SR 1.3 – Account management ............................................................................. 27 5.5.1 Requirement .................................................................................................. 27 5.5.2 Rationale and supplemental guidance............................................................ 27 5.5.3 Requirement enhancements .......................................................................... 27 5.5.4 Security levels ............................................................................................... 27 5.6 SR 1.4 – Identifier management ............................................................................ 28 5.6.1 Requirement .................................................................................................. 28 5.6.2 Rationale and supplemental guidance............................................................ 28 5.6.3 Requirement enhancements .......................................................................... 28 5.6.4 Security levels ............................................................................................... 28 5.7 SR 1.5 – Authenticator management ..................................................................... 28 5.7.1 Requirement .................................................................................................. 28 5.7.2 Rationale and supplemental guidance............................................................ 28 5.7.3 Requirement enhancements .......................................................................... 29 5.7.4 Security levels ............................................................................................... 29 5.8 SR 1.6 – Wireless access management ................................................................ 30 This is a preview - click here to buy the full publication – 82 – 62443-3-3:2013 © IEC 2013 SOMMAIRE AVANT-PROPOS .................................................................................................................. 89 0 Introduction ................................................................................................................... 91 0.1 Vue d’ensemble .................................................................................................... 91 0.2 Objectif et public visé ............................................................................................ 92 0.3 Utilisation dans d’autres parties de la série IEC 62443 .......................................... 93 1 Domaine d’application ................................................................................................... 95 2 Références normatives .................................................................................................. 95 3 Termes, définitions, termes abrégés, acronymes et conventions .................................... 96 3.1 Termes et définitions ............................................................................................ 96 3.2 Termes abrégés et acronymes ............................................................................ 101 3.3 Conventions ........................................................................................................ 103 4 Contraintes communes de sécurité du système de commande..................................... 104 4.1 Présentation ....................................................................................................... 104 4.2 Prise en charge des fonctions essentielles .......................................................... 104 4.3 Contre-mesures compensatoires ......................................................................... 105 4.4 Moindre privilège ................................................................................................ 106 5 FR 1– Commande d’identification et d’authentification ................................................. 106 5.1 Objectif et descriptions du SL-C(IAC) .................................................................. 106 5.2 Justification ........................................................................................................ 106 5.3 SR 1.1 – Identification et authentification d’utilisateur humain ............................. 106 5.3.1 Exigence ..................................................................................................... 106 5.3.2 Justification et recommandations supplémentaires ...................................... 106 5.3.3 Améliorations d'exigences ........................................................................... 107 5.3.4 Niveaux de sécurité ..................................................................................... 107 5.4 SR 1.2 – Identification et authentification du processus logiciel et de l’appareil ............................................................................................................. 108 5.4.1 Exigence ..................................................................................................... 108 5.4.2 Justification et recommandations supplémentaires ...................................... 108 5.4.3 Améliorations d'exigences ........................................................................... 109 5.4.4 Niveaux de sécurité ..................................................................................... 109 5.5 SR 1.3 – Gestion des comptes ............................................................................ 109 5.5.1 Exigence ..................................................................................................... 109 5.5.2 Justification et recommandations supplémentaires ...................................... 109 5.5.3 Améliorations d'exigences ........................................................................... 109 5.5.4 Niveaux de sécurité ..................................................................................... 109 5.6 SR 1.4 – Gestion des identificateurs ................................................................... 110 5.6.1 Exigence ..................................................................................................... 110 5.6.2 Justification et recommandations supplémentaires ...................................... 110 5.6.3 Améliorations d'exigences ........................................................................... 110 5.6.4 Niveaux de sécurité ..................................................................................... 110 5.7 SR 1.5 – Gestion des authentifiants .................................................................... 110 5.7.1 Exigence ..................................................................................................... 110 5.7.2 Justification et recommandations supplémentaires ...................................... 111 5.7.3 Améliorations d'exigences ........................................................................... 112 5.7.4 Niveaux de sécurité ..................................................................................... 112 5.8 SR 1.6 – Gestion des accès sans fil .................................................................... 112 5.8.1 Exigence ..................................................................................................... 112 This is a preview - click here to buy the full publication IEC 62443-3-3:2013 © IEC 2013 – 3 – 5.8.1 Requirement .................................................................................................. 30 5.8.2 Rationale and supplemental guidance............................................................ 30 5.8.3 Requirement enhancements .......................................................................... 30 5.8.4 Security levels ............................................................................................... 30 5.9 SR 1.7 – Strength of password-based authentication ............................................ 30 5.9.1 Requirement .................................................................................................. 30 5.9.2 Rationale and supplemental guidance............................................................ 30 5.9.3 Requirement enhancements .......................................................................... 31 5.9.4 Security levels ............................................................................................... 31 5.10 SR 1.8 – Public key infrastructure (PKI) certificates .............................................. 31 5.10.1 Requirement .................................................................................................. 31 5.10.2 Rationale and supplemental guidance............................................................ 31 5.10.3 Requirement enhancements .......................................................................... 32 5.10.4 Security levels ............................................................................................... 32 5.11 SR 1.9 – Strength of public key authentication ...................................................... 32 5.11.1 Requirement .................................................................................................. 32 5.11.2 Rationale and supplemental guidance............................................................ 32 5.11.3 Requirement enhancements .......................................................................... 33 5.11.4 Security levels ............................................................................................... 33 5.12 SR 1.10 – Authenticator feedback ......................................................................... 33 5.12.1 Requirement .................................................................................................. 33 5.12.2 Rationale and supplemental guidance............................................................ 33 5.12.3 Requirement enhancements .......................................................................... 33 5.12.4 Security levels ............................................................................................... 33 5.13 SR 1.11 – Unsuccessful login attempts ................................................................. 34 5.13.1 Requirement .................................................................................................. 34 5.13.2 Rationale and supplemental guidance............................................................ 34 5.13.3 Requirement enhancements .......................................................................... 34 5.13.4 Security levels ............................................................................................... 34 5.14 SR 1.12 – System use notification ......................................................................... 34 5.14.1 Requirement .................................................................................................. 34 5.14.2 Rationale and supplemental guidance............................................................ 34 5.14.3 Requirement enhancements .......................................................................... 35 5.14.4 Security levels ............................................................................................... 35 5.15 SR 1.13 – Access via untrusted networks ............................................................. 35 5.15.1 Requirement .................................................................................................. 35 5.15.2 Rationale and supplemental guidance............................................................ 35 5.15.3 Requirement enhancements .......................................................................... 35 5.15.4 Security levels ............................................................................................... 35 6 FR 2 – Use control......................................................................................................... 36 6.1 Purpose and SL-C(UC) descriptions ...................................................................... 36 6.2 Rationale .............................................................................................................. 36 6.3 SR 2.1 – Authorization enforcement ...................................................................... 36 6.3.1 Requirement .................................................................................................. 36 6.3.2 Rationale and supplemental guidance............................................................ 36 6.3.3 Requirement enhancements .......................................................................... 37 6.3.4 Security levels ............................................................................................... 37 6.4 SR 2.2 – Wireless use control ............................................................................... 37 6.4.1 Requirement .................................................................................................. 37 This is a preview - click here to buy the full publication 62443-3-3:2013 © IEC 2013 – 83 – 5.8.2 Justification et recommandations supplémentaires ...................................... 112 5.8.3 Améliorations d'exigences ........................................................................... 112 5.8.4 Niveaux de sécurité ..................................................................................... 112 5.9 SR 1.7 – Force de l’authentification basée sur le mot de passe ........................... 113 5.9.1 Exigence ..................................................................................................... 113 5.9.2 Justification et recommandations supplémentaires ...................................... 113 5.9.3 Améliorations d'exigences ........................................................................... 113 5.9.4 Niveaux de sécurité ..................................................................................... 114 5.10 SR 1.8 – Certificats d’infrastructure à clés publiques (ICP) ................................. 114 5.10.1 Exigence ..................................................................................................... 114 5.10.2 Justification et recommandations supplémentaires ...................................... 114 5.10.3 Améliorations d'exigences ........................................................................... 114 5.10.4 Niveaux de sécurité ..................................................................................... 114 5.11 SR 1.9 – Force de l’authentification de clé publique ............................................ 114 5.11.1 Exigence ..................................................................................................... 114 5.11.2 Justification et recommandations supplémentaires ...................................... 115 5.11.3 Améliorations d'exigences ........................................................................... 115 5.11.4 Niveaux de sécurité ..................................................................................... 115 5.12 SR 1.10 – Rétroaction de l’authentifiant .............................................................. 116 5.12.1 Exigence ..................................................................................................... 116 5.12.2 Justification et recommandations supplémentaires ...................................... 116 5.12.3 Améliorations d'exigences ........................................................................... 116 5.12.4 Niveaux de sécurité ..................................................................................... 116 5.13 SR 1.11 – Tentatives d’authentification infructueuses ......................................... 116 5.13.1 Exigence ..................................................................................................... 116 5.13.2 Justification et recommandations supplémentaires ...................................... 116 5.13.3 Améliorations d'exigences ........................................................................... 117 5.13.4 Niveaux de sécurité ..................................................................................... 117 5.14 SR 1.12 – Notification d’utilisation du système .................................................... 117 5.14.1 Exigence ..................................................................................................... 117 5.14.2 Justification et recommandations supplémentaires ...................................... 117 5.14.3 Améliorations d'exigences ........................................................................... 117 5.14.4 Niveaux de sécurité ..................................................................................... 117 5.15 SR 1.13 – Accès par des réseaux non sécurisés ................................................. 118 5.15.1 Exigence ..................................................................................................... 118 5.15.2 Justification et recommandations supplémentaires ...................................... 118 5.15.3 Améliorations d'exigences ........................................................................... 118 5.15.4 Niveaux de sécurité ..................................................................................... 118 6 FR 2 – Commande d’utilisation .................................................................................... 118 6.1 Objectif et descriptions du SL-C(UC) .................................................................. 118 6.2 Justification ........................................................................................................ 119 6.3 SR 2.1 – Application de l’autorisation .................................................................. 119 6.3.1 Exigence ..................................................................................................... 119 6.3.2 Justification et recommandations supplémentaires ...................................... 119 6.3.3 Améliorations d'exigences ........................................................................... 120 6.3.4 Niveaux de sécurité ..................................................................................... 120 6.4 SR 2.2 –Contrôle d’utilisation sans fil .................................................................. 120 6.4.1 Exigence ..................................................................................................... 120 6.4.2 Justification et recommandations supplémentaires ...................................... 121 This is a preview - click here to buy the full publication – 4 – IEC 62443-3-3:2013 © IEC 2013 6.4.2 Rationale and supplemental guidance............................................................ 38 6.4.3 Requirement enhancements .......................................................................... 38 6.4.4 Security levels ............................................................................................... 38 6.5 SR 2.3 – Use control for portable and mobile devices ........................................... 38 6.5.1 Requirement .................................................................................................. 38 6.5.2 Rationale and supplemental guidance............................................................ 38 6.5.3 Requirement enhancements .......................................................................... 39 6.5.4 Security levels ............................................................................................... 39 6.6 SR 2.4 – Mobile code ............................................................................................ 39 6.6.1 Requirement .................................................................................................. 39 6.6.2 Rationale and supplemental guidance............................................................ 39 6.6.3 Requirement enhancements .......................................................................... 39 6.6.4 Security levels ............................................................................................... 39 6.7 SR 2.5 – Session lock ........................................................................................... 40 6.7.1 Requirement .................................................................................................. 40 6.7.2 Rationale and supplemental guidance............................................................ 40 6.7.3 Requirement enhancements .......................................................................... 40 6.7.4 Security levels ............................................................................................... 40 6.8 SR 2.6 – Remote session termination uploads/Management/international-standard-norme-internationale 5 .pdf

Tags
Managementrequirement security sécurité niveaux levels
Documents similaires
  • 26
  • 0
  • 0
Afficher les détails des licences
Licence et utilisation
Gratuit pour un usage personnel Attribution requise
Partager
  • Détails
  • Publié le Jan 08, 2022
  • Catégorie Management
  • Langue French
  • Taille du fichier 0.7509MB