CIP IEC-62443-4-2 Assessment Result
Revision History
Revision No |
Date |
Change description |
Author |
Reviewed by |
|---|---|---|---|---|
001 |
2025-07-24 |
CIP IEC-62443-4-2 assessment results |
Dinesh Kumar |
BV (Bureau Veritas) |
002 |
2025-11-14 |
CIP IEC-62443-4-2 assessment results |
Dinesh Kumar |
BV (Bureau Veritas) |
1. Overview
This document is based on the CIP IEC-62443-4-2 final assessment results. The objective is to share final assessment results with CIP users which should help CIP users to make informed decision for their end product IEC-62443-4-2 compliance preparation.
2. Reference hardware for IEC-62443-4-2 assessment
CIP supports plethora of hardware. List of supported hardware can be found at CIP reference hardware Wiki page.
Siemens M-COM device based on X-86 was used for CIP IEC-62443-4-2 final assessment. Refer M-COM document for creating CIP reference images for M-COM.
3. Software Components
isar-cip-core: V1.7 (Based on Debian bookworm)
CIP kernel: 6.1.131-cip39
4. Target Security Level
There are four security levels defined in IEC-62443-4-2 (SL-1, SL-2, SL-3 and SL-4). The target for CIP IEC-62443-4-2 assessment was SL-2 which implicitly means SL-1 & SL-2 requirements.
5. Target device category
CIP IEC-62443-4-2 assessment was targeted for Embedded and Network Device categories. Host device and Application category was out of scope for the assessment.
6. Assessment Results
Following sections have status of CIP IEC-62443-4-2 assessment results for all seven Foundational Requirements (FRs). The results are based on audit conducted by BV.
6.1 FR-1 Identification and Authentication Control
IEC Requirement ID |
Security level (SL) |
CIP Compliance Status |
|---|---|---|
CR 1.01 |
SL-1 |
PASS |
CR 1.01 RE(1) |
SL-2 |
PASS |
CR 1.01 RE(2) |
SL-3 |
NA |
CR 1.02 |
SL-2 |
NA |
CR 1.03 |
SL-1 |
PASS |
CR 1.04 |
SL-1 |
PASS |
CR 1.05 |
SL-1 |
PASS |
NDR 1.06 |
SL-1 |
NA |
NDR 1.06 RE(1) |
SL-2 |
NA |
CR 1.07 |
SL-1 |
PASS |
CR 1.08 |
SL-2 |
PASS |
CR 1.09 |
SL-2 |
PASS |
CR 1.10 |
SL-1 |
PASS |
CR 1.11 |
SL-1 |
PASS |
CR 1.12 |
SL-1 |
NA |
NDR 1.13 |
SL-1 |
NA |
NDR 1.13 RE(1) |
SL-3 |
NA |
CR 1.14 |
SL-2 |
NA |
6.2 FR-2 Use Control
IEC Requirement ID |
Security level (SL) |
CIP Compliance Status |
|---|---|---|
CR 2.01 |
SL-1 |
PASS |
CR 2.01 RE(1) |
SL-2 |
PASS |
CR 2.01 RE(2) |
SL-2 |
PASS |
CR 2.02 |
SL-1 |
NA |
CR 2.03 |
NA |
NA |
CR 2.04 |
NA |
NA |
EDR 2.04 |
SL-1 |
NA |
HDR 2.04 |
SL-1 |
NA |
NDR 2.04 |
SL-1 |
NA |
SAR 2.04 |
SL-1 |
NA |
EDR 2.04 RE(1) |
SL-2 |
NA |
HDR 2.04 RE(1) |
SL-2 |
NA |
NDR 2.04 RE(1) |
SL-2 |
NA |
SAR 2.04 RE(1) |
SL-2 |
NA |
CR 2.05 |
SL-1 |
PASS |
CR 2.06 |
SL-2 |
PASS |
CR 2.08 |
SL-1 |
PASS |
CR 2.09 |
SL-1 |
PASS |
CR 2.10 |
SL-1 |
PASS |
CR 2.11 |
SL-1 |
PASS |
CR 2.11 RE(1) |
SL-2 |
PASS |
CR 2.12 |
SL-1 |
PASS |
CR 2.13 |
NA |
NA |
EDR 2.13 |
SL-2 |
PASS |
HDR 2.13 |
SL-2 |
NA |
NDR 2.13 |
SL-2 |
PASS |
EDR 2.13 RE(1) |
SL-3 |
NA |
HDR 2.13 RE(1) |
SL-3 |
NA |
NDR 2.13 RE(1) |
SL-3 |
NA |
6.3 FR-3 System Integrity
IEC Requirement ID |
Security level (SL) |
CIP Compliance Status |
|---|---|---|
CR-3.01 |
SL-1 |
PASS |
CR-3.01 RE (1) |
SL-2 |
PASS |
CR-3.02 |
NA |
NA |
EDR 3.02 |
SL-1 |
NA |
HDR 3.02 |
SL-1 |
NA |
NDR 3.02 |
SL-1 |
NA |
SAR 3.02 |
SL-1 |
NA |
HDR 3.02 RE (1) |
SL-2 |
NA |
CR 3.03 |
SL-1 |
NA |
CR 3.04 |
SL-1 |
PASS |
CR 3.04 RE (1) |
SL-2 |
PASS |
CR 3.05 |
SL-1 |
PASS |
CR 3.06 |
SL-1 |
NA |
CR 3.07 |
SL-1 |
PASS |
CR 3.08 |
SL-2 |
PASS |
CR 3.09 |
SL-2 |
PASS |
CR 3.10 |
NA |
NA |
EDR 3.10 |
SL-1 |
PASS |
HDR 3.10 |
SL-1 |
NA |
NDR 3.10 |
SL-1 |
PASS |
EDR 3.10 RE(1) |
SL-2 |
PASS |
HDR 3.10 RE(1) |
SL-2 |
NA |
NDR 3.10 RE(1) |
SL-2 |
PASS |
CR 3.11 |
NA |
NA |
EDR 3.11 |
SL-2 |
NA |
HDR 3.11 |
SL-2 |
NA |
NDR 3.11 |
SL-2 |
NA |
EDR 3.11 RE(1) |
SL-3 |
NA |
HDR 3.11 RE(1) |
SL-3 |
NA |
NDR 3.11 RE(1) |
SL-3 |
NA |
CR 3.12 |
NA |
NA |
EDR 3.12 |
SL-2 |
PASS |
HDR 3.12 |
SL-2 |
NA |
NDR 3.12 |
SL-2 |
PASS |
CR 3.13 |
NA |
NA |
EDR 3.13 |
SL-2 |
PASS |
HDR 3.13 |
SL-2 |
NA |
NDR 3.13 |
SL-2 |
PASS |
CR 3.14 |
NA |
NA |
EDR 3.14 |
SL-1 |
PASS |
HDR 3.14 |
SL-1 |
NA |
NDR 3.14 |
SL-1 |
PASS |
EDR 3.14 RE(1) |
SL-2 |
PASS |
HDR 3.14 RE(1) |
SL-2 |
NA |
NDR 3.14 RE(1) |
SL-2 |
PASS |
6.4 FR-4 Data Confidentiality
IEC Requirement ID |
Security level (SL) |
CIP Compliance Status |
|---|---|---|
CR-4.01 |
SL-1 |
PASS |
CR-4.02 |
SL-2 |
PASS |
CR-4.03 |
SL-1 |
PASS |
6.5 FR-5 Restricted Data Flow
IEC Requirement ID |
Security level (SL) |
CIP Compliance Status |
|---|---|---|
CR-5.01 |
SL-1 |
NA |
CR-5.02 |
NA |
NA |
NDR 5.02 |
SL-1 |
NA |
NDR 5.02 RE (1) |
SL-2 |
NA |
NDR 5.02 RE (2) |
SL-3 |
NA |
NDR 5.02 RE (3) |
SL-3 |
NA |
CR 5.03 |
NA |
NA |
NDR 5.03 |
SL-1 |
NA |
CR 5.04 |
NA |
NA |
6.6 FR-6 Timely response to events
IEC Requirement ID |
Security level (SL) |
CIP Compliance Status |
|---|---|---|
CR-6.01 |
SL-1 |
PASS |
CR-6.01 RE (1) |
SL-3 |
NA |
CR-6.02 |
SL-2 |
PASS |
6.7 FR-7 Resource Availability
IEC Requirement ID |
Security level (SL) |
CIP Compliance Status |
|---|---|---|
CR-7.01 |
SL-1 |
PASS |
CR-7.01 RE (1) |
SL-2 |
PASS |
CR-7.02 |
SL-1 |
NA |
CR-7.03 |
SL-1 |
NA |
CR-7.03 RE (1) |
SL-2 |
NA |
CR-7.04 |
SL-1 |
NA |
CR-7.05 |
NA |
NA |
CR-7.06 |
SL-1 |
PASS |
CR-7.07 |
SL-1 |
PASS |
CR-7.08 |
SL-2 |
PASS |
6.8 SL-3 and SL-4 Requirements
Following SL-3 & SL-4 requirements were out of scope for assessment hence marked as NA.
IEC Requirement ID |
Security level (SL) |
CIP Compliance Status |
|---|---|---|
CR-1.02 RE (1) |
SL-3 |
NA |
CR-1.05 RE (1) |
SL-3 |
NA |
CR-1.07 RE (1) |
SL-3 |
NA |
CR-1.07 RE (2) |
SL-4 |
NA |
CR-1.09 RE (1) |
SL-3 |
NA |
CR-1.14 RE (1) |
SL-3 |
NA |
CR-2.01 RE (3) |
SL-3 |
NA |
CR-2.01 RE (4) |
SL-4 |
NA |
CR-2.07 |
SL-3 |
NA |
CR-2.09 RE (1) |
SL-3 |
NA |
CR-2.11 RE (2) |
SL-4 |
NA |
CR-2.12 RE (1) |
SL-4 |
NA |
CR-3.03 RE (1) |
SL-4 |
NA |
CR-3.04 RE (2) |
SL-3 |
NA |
CR-3.09 RE (1) |
SL-4 |
NA |
CR-4.02 RE (1) |
SL-3 |
NA |
CR-4.02 RE (2) |
SL-3 |
NA |
CR-7.06 RE (1) |
SL-3 |
NA |
7. CIP IEC-62443-4-2 Assessment Summary
CIP IEC-62443-4-2 final assessment is in progress. This document will be updated further based on final assessment summary and results.