Home | Certification Program | ISASecure Program Description

ISASecure Program Description

ISCI developed ISASecure certifications specifications using the framework of the ISA99 Standards Roadmap. The ISASecure Program scope and direction is based on the security lifecycle concept for automation controls, organized into three broad lifecycle phases including:

Devices and Systems - Conform to ISASecure Requirements (products constructed to secure characteristics and behaviors)

Supplier Practices - Product Development Life Cycle (Design for Security)

User Practices -Integration/Deployment, Operations, Life Cycle Management (Manage for Security).

The first ISASecure certification, Embedded Device Security Assurance (EDSA) focuses on the security of embedded devices and addresses device characteristics and supplier development practices for those devices.

An embedded device that meets the requirements of the ISASecure EDSA specification earns the ISASecure EDSA certification; a trademarked designation that provides instant recognition of product security characteristics and capabilities, and provides an independent industry stamp of approval similar to a ‘Safety Integrity Level’ Certification (ISO/IEC 61508).

The ISASecure EDSA certification offers three levels of recognition for a device, reflecting increasing levels of device security assurance. The levels include ISASecure Level 1 for Devices, ISASecure Level 2 for Devices, and ISASecure Level 3 for Devices. All levels of security certification granted under this program contain the following technical elements:

Functional Security Assessment (FSA)
Software Development Security Assessment (SDSA)
Communication Robustness Testing (CRT)

FSA and SDSA evaluation requirements increase in rigor for levels 2 and 3 while CRT criteria are the same regardless of certification level. The ISASecure Embedded Device Security Assurance Certification brochure (see below), provides a description of the three technical certification elements, certification levels, and the certification program.

ISASecure EDSA Conformance Scheme Definition Documents

There are five major categories of ISASecure EDSA program documents:

· Technical specifications, shown in solid light blue, that describe the technical criteria applied to determine whether a device will be certified.

NOTE ISASecure EDSA program development has followed and leveraged the parallel ISA99 standards effort underway for embedded device cyber security requirements. When the ISA-99.04.01 standard is completed, the ISASecure Embedded Device certification technical specifications will be updated to serve as a compliance program for that standard.

· Accreditation/recognition, shown in gold diagonal stripe, that describe how an organization can become a chartered laboratory or a tool supplier can obtain recognition for a CRT tool

· Symbol and certificates, shown in blue horizontal stripe, covers the topic of proper usage of the ISASecure symbol and certificates

· Structure, shown in an orange brick pattern, used to describe and operate the overall program.

· External references, shown in solid dark grey, are documents that exist outside of this particular program that are referenced by ISASecure EDSA program documents.

The ISASecure EDSA detailed formal specifications are listed in the table below and available for download.

Embedded Device Security Assurance (EDSA) Certification Specification

ISASecure EDSA Certification Program Description Brochure	View PDF
EDSA-100 ISASecure Certification Scheme	View PDF
EDSA-102 ISASecure EDSA Errata	View PDF
EDSA-200 Chartered Lab Operations and Accreditation	View PDF
EDSA-201 Recognition Process for Communication Robustness Testing Tools	View PDF
EDSA-202 Chartered Lab Application and Contract	View PDF
EDSA-204 Use of Symbol and Certificates	View PDF
EDSA-206 CRT Lab Operations and Accreditation	VIEW PDF
EDSA-300 ISASecure Certification Requirements	View PDF
EDSA-301 Maintenance of ISASecure Certification	View PDF
EDSA-311 Functional Security Assessment (FSA)	View PDF
EDSA-312 Software Development Security Assessment (SDSA)	View PDF
EDSA-310 Common Requirements for Communication Robustness Testing (CRT)	View PDF
EDSA-401 Ethernet robustness test specification	View PDF
EDSA-402 ARP robustness test specification	View PDF
EDSA-403 IPv4 robustness test specification	View PDF
EDSA-404 ICMPv4 robustness test specification	View PDF
EDSA-405 UDP robustness test specification	View PDF
EDSA-406 TCP robustness test specification	View PDF
ASCI Policies and Procedures 24 June 2010	View PDF
ASCI Chartered Test Lab 2009 Approval Process	VIEW PDF