CIP IEC-62443-4-2 Assessment Result =================================== .. contents:: **Revision History** .. list-table:: :header-rows: 1 * - Revision No - Date - Change description - Author - Reviewed by * - 001 - 2025-07-24 - CIP IEC-62443-4-2 assessment results - Dinesh Kumar - BV (Bureau Veritas) * - 002 - 2025-11-14 - CIP IEC-62443-4-2 assessment results - Dinesh Kumar - BV (Bureau Veritas) 1. Overview ----------- This document is based on the CIP IEC-62443-4-2 final assessment results. The objective is to share final assessment results with CIP users which should help CIP users to make informed decision for their end product IEC-62443-4-2 compliance preparation. 2. Reference hardware for IEC-62443-4-2 assessment ------------------------------------------------------ CIP supports plethora of hardware. List of supported hardware can be found at `CIP reference hardware Wiki page `__. Siemens M-COM device based on X-86 was used for CIP IEC-62443-4-2 final assessment. Refer `M-COM document `__ for creating CIP reference images for M-COM. 3. Software Components ----------------------- **isar-cip-core: V1.7 (Based on Debian bookworm)** **CIP kernel: 6.1.131-cip39** 4. Target Security Level ------------------------- There are four security levels defined in IEC-62443-4-2 (SL-1, SL-2, SL-3 and SL-4). The target for CIP IEC-62443-4-2 assessment was SL-2 which implicitly means SL-1 & SL-2 requirements. 5. Target device category ------------------------- CIP IEC-62443-4-2 assessment was targeted for **Embedded** and **Network** Device categories. **Host device** and **Application** category was out of scope for the assessment. 6. Assessment Results ------------------------- Following sections have status of CIP IEC-62443-4-2 assessment results for all seven Foundational Requirements (FRs). The results are based on audit conducted by BV. 6.1 FR-1 Identification and Authentication Control ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +--------------------+---------------------+-----------------------+ | IEC Requirement ID | Security level (SL) | CIP Compliance Status | +====================+=====================+=======================+ | CR 1.01 | SL-1 | PASS | +--------------------+---------------------+-----------------------+ | CR 1.01 RE(1) | SL-2 | PASS | +--------------------+---------------------+-----------------------+ | CR 1.01 RE(2) | SL-3 | NA | +--------------------+---------------------+-----------------------+ | CR 1.02 | SL-2 | NA | +--------------------+---------------------+-----------------------+ | CR 1.03 | SL-1 | PASS | +--------------------+---------------------+-----------------------+ | CR 1.04 | SL-1 | PASS | +--------------------+---------------------+-----------------------+ | CR 1.05 | SL-1 | PASS | +--------------------+---------------------+-----------------------+ | NDR 1.06 | SL-1 | NA | +--------------------+---------------------+-----------------------+ | NDR 1.06 RE(1) | SL-2 | NA | +--------------------+---------------------+-----------------------+ | CR 1.07 | SL-1 | PASS | +--------------------+---------------------+-----------------------+ | CR 1.08 | SL-2 | PASS | +--------------------+---------------------+-----------------------+ | CR 1.09 | SL-2 | PASS | +--------------------+---------------------+-----------------------+ | CR 1.10 | SL-1 | PASS | +--------------------+---------------------+-----------------------+ | CR 1.11 | SL-1 | PASS | +--------------------+---------------------+-----------------------+ | CR 1.12 | SL-1 | NA | +--------------------+---------------------+-----------------------+ | NDR 1.13 | SL-1 | NA | +--------------------+---------------------+-----------------------+ | NDR 1.13 RE(1) | SL-3 | NA | +--------------------+---------------------+-----------------------+ | CR 1.14 | SL-2 | NA | +--------------------+---------------------+-----------------------+ 6.2 FR-2 Use Control ~~~~~~~~~~~~~~~~~~~~ +--------------------+---------------------+-----------------------+ | IEC Requirement ID | Security level (SL) | CIP Compliance Status | +====================+=====================+=======================+ | CR 2.01 | SL-1 | PASS | +--------------------+---------------------+-----------------------+ | CR 2.01 RE(1) | SL-2 | PASS | +--------------------+---------------------+-----------------------+ | CR 2.01 RE(2) | SL-2 | PASS | +--------------------+---------------------+-----------------------+ | CR 2.02 | SL-1 | NA | +--------------------+---------------------+-----------------------+ | CR 2.03 | NA | NA | +--------------------+---------------------+-----------------------+ | CR 2.04 | NA | NA | +--------------------+---------------------+-----------------------+ | EDR 2.04 | SL-1 | NA | +--------------------+---------------------+-----------------------+ | HDR 2.04 | SL-1 | NA | +--------------------+---------------------+-----------------------+ | NDR 2.04 | SL-1 | NA | +--------------------+---------------------+-----------------------+ | SAR 2.04 | SL-1 | NA | +--------------------+---------------------+-----------------------+ | EDR 2.04 RE(1) | SL-2 | NA | +--------------------+---------------------+-----------------------+ | HDR 2.04 RE(1) | SL-2 | NA | +--------------------+---------------------+-----------------------+ | NDR 2.04 RE(1) | SL-2 | NA | +--------------------+---------------------+-----------------------+ | SAR 2.04 RE(1) | SL-2 | NA | +--------------------+---------------------+-----------------------+ | CR 2.05 | SL-1 | PASS | +--------------------+---------------------+-----------------------+ | CR 2.06 | SL-2 | PASS | +--------------------+---------------------+-----------------------+ | CR 2.08 | SL-1 | PASS | +--------------------+---------------------+-----------------------+ | CR 2.09 | SL-1 | PASS | +--------------------+---------------------+-----------------------+ | CR 2.10 | SL-1 | PASS | +--------------------+---------------------+-----------------------+ | CR 2.11 | SL-1 | PASS | +--------------------+---------------------+-----------------------+ | CR 2.11 RE(1) | SL-2 | PASS | +--------------------+---------------------+-----------------------+ | CR 2.12 | SL-1 | PASS | +--------------------+---------------------+-----------------------+ | CR 2.13 | NA | NA | +--------------------+---------------------+-----------------------+ | EDR 2.13 | SL-2 | PASS | +--------------------+---------------------+-----------------------+ | HDR 2.13 | SL-2 | NA | +--------------------+---------------------+-----------------------+ | NDR 2.13 | SL-2 | PASS | +--------------------+---------------------+-----------------------+ | EDR 2.13 RE(1) | SL-3 | NA | +--------------------+---------------------+-----------------------+ | HDR 2.13 RE(1) | SL-3 | NA | +--------------------+---------------------+-----------------------+ | NDR 2.13 RE(1) | SL-3 | NA | +--------------------+---------------------+-----------------------+ 6.3 FR-3 System Integrity ~~~~~~~~~~~~~~~~~~~~~~~~~~ +--------------------+---------------------+-----------------------+ | IEC Requirement ID | Security level (SL) | CIP Compliance Status | +====================+=====================+=======================+ | CR-3.01 | SL-1 | PASS | +--------------------+---------------------+-----------------------+ | CR-3.01 RE (1) | SL-2 | PASS | +--------------------+---------------------+-----------------------+ | CR-3.02 | NA | NA | +--------------------+---------------------+-----------------------+ | EDR 3.02 | SL-1 | NA | +--------------------+---------------------+-----------------------+ | HDR 3.02 | SL-1 | NA | +--------------------+---------------------+-----------------------+ | NDR 3.02 | SL-1 | NA | +--------------------+---------------------+-----------------------+ | SAR 3.02 | SL-1 | NA | +--------------------+---------------------+-----------------------+ | HDR 3.02 RE (1) | SL-2 | NA | +--------------------+---------------------+-----------------------+ | CR 3.03 | SL-1 | NA | +--------------------+---------------------+-----------------------+ | CR 3.04 | SL-1 | PASS | +--------------------+---------------------+-----------------------+ | CR 3.04 RE (1) | SL-2 | PASS | +--------------------+---------------------+-----------------------+ | CR 3.05 | SL-1 | PASS | +--------------------+---------------------+-----------------------+ | CR 3.06 | SL-1 | NA | +--------------------+---------------------+-----------------------+ | CR 3.07 | SL-1 | PASS | +--------------------+---------------------+-----------------------+ | CR 3.08 | SL-2 | PASS | +--------------------+---------------------+-----------------------+ | CR 3.09 | SL-2 | PASS | +--------------------+---------------------+-----------------------+ | CR 3.10 | NA | NA | +--------------------+---------------------+-----------------------+ | EDR 3.10 | SL-1 | PASS | +--------------------+---------------------+-----------------------+ | HDR 3.10 | SL-1 | NA | +--------------------+---------------------+-----------------------+ | NDR 3.10 | SL-1 | PASS | +--------------------+---------------------+-----------------------+ | EDR 3.10 RE(1) | SL-2 | PASS | +--------------------+---------------------+-----------------------+ | HDR 3.10 RE(1) | SL-2 | NA | +--------------------+---------------------+-----------------------+ | NDR 3.10 RE(1) | SL-2 | PASS | +--------------------+---------------------+-----------------------+ | CR 3.11 | NA | NA | +--------------------+---------------------+-----------------------+ | EDR 3.11 | SL-2 | NA | +--------------------+---------------------+-----------------------+ | HDR 3.11 | SL-2 | NA | +--------------------+---------------------+-----------------------+ | NDR 3.11 | SL-2 | NA | +--------------------+---------------------+-----------------------+ | EDR 3.11 RE(1) | SL-3 | NA | +--------------------+---------------------+-----------------------+ | HDR 3.11 RE(1) | SL-3 | NA | +--------------------+---------------------+-----------------------+ | NDR 3.11 RE(1) | SL-3 | NA | +--------------------+---------------------+-----------------------+ | CR 3.12 | NA | NA | +--------------------+---------------------+-----------------------+ | EDR 3.12 | SL-2 | PASS | +--------------------+---------------------+-----------------------+ | HDR 3.12 | SL-2 | NA | +--------------------+---------------------+-----------------------+ | NDR 3.12 | SL-2 | PASS | +--------------------+---------------------+-----------------------+ | CR 3.13 | NA | NA | +--------------------+---------------------+-----------------------+ | EDR 3.13 | SL-2 | PASS | +--------------------+---------------------+-----------------------+ | HDR 3.13 | SL-2 | NA | +--------------------+---------------------+-----------------------+ | NDR 3.13 | SL-2 | PASS | +--------------------+---------------------+-----------------------+ | CR 3.14 | NA | NA | +--------------------+---------------------+-----------------------+ | EDR 3.14 | SL-1 | PASS | +--------------------+---------------------+-----------------------+ | HDR 3.14 | SL-1 | NA | +--------------------+---------------------+-----------------------+ | NDR 3.14 | SL-1 | PASS | +--------------------+---------------------+-----------------------+ | EDR 3.14 RE(1) | SL-2 | PASS | +--------------------+---------------------+-----------------------+ | HDR 3.14 RE(1) | SL-2 | NA | +--------------------+---------------------+-----------------------+ | NDR 3.14 RE(1) | SL-2 | PASS | +--------------------+---------------------+-----------------------+ 6.4 FR-4 Data Confidentiality ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +--------------------+---------------------+-----------------------+ | IEC Requirement ID | Security level (SL) | CIP Compliance Status | +====================+=====================+=======================+ | CR-4.01 | SL-1 | PASS | +--------------------+---------------------+-----------------------+ | CR-4.02 | SL-2 | PASS | +--------------------+---------------------+-----------------------+ | CR-4.03 | SL-1 | PASS | +--------------------+---------------------+-----------------------+ 6.5 FR-5 Restricted Data Flow ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +--------------------+---------------------+-----------------------+ | IEC Requirement ID | Security level (SL) | CIP Compliance Status | +====================+=====================+=======================+ | CR-5.01 | SL-1 | NA | +--------------------+---------------------+-----------------------+ | CR-5.02 | NA | NA | +--------------------+---------------------+-----------------------+ | NDR 5.02 | SL-1 | NA | +--------------------+---------------------+-----------------------+ | NDR 5.02 RE (1) | SL-2 | NA | +--------------------+---------------------+-----------------------+ | NDR 5.02 RE (2) | SL-3 | NA | +--------------------+---------------------+-----------------------+ | NDR 5.02 RE (3) | SL-3 | NA | +--------------------+---------------------+-----------------------+ | CR 5.03 | NA | NA | +--------------------+---------------------+-----------------------+ | NDR 5.03 | SL-1 | NA | +--------------------+---------------------+-----------------------+ | CR 5.04 | NA | NA | +--------------------+---------------------+-----------------------+ 6.6 FR-6 Timely response to events ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +--------------------+---------------------+-----------------------+ | IEC Requirement ID | Security level (SL) | CIP Compliance Status | +====================+=====================+=======================+ | CR-6.01 | SL-1 | PASS | +--------------------+---------------------+-----------------------+ | CR-6.01 RE (1) | SL-3 | NA | +--------------------+---------------------+-----------------------+ | CR-6.02 | SL-2 | PASS | +--------------------+---------------------+-----------------------+ 6.7 FR-7 Resource Availability ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +--------------------+---------------------+-----------------------+ | IEC Requirement ID | Security level (SL) | CIP Compliance Status | +====================+=====================+=======================+ | CR-7.01 | SL-1 | PASS | +--------------------+---------------------+-----------------------+ | CR-7.01 RE (1) | SL-2 | PASS | +--------------------+---------------------+-----------------------+ | CR-7.02 | SL-1 | NA | +--------------------+---------------------+-----------------------+ | CR-7.03 | SL-1 | NA | +--------------------+---------------------+-----------------------+ | CR-7.03 RE (1) | SL-2 | NA | +--------------------+---------------------+-----------------------+ | CR-7.04 | SL-1 | NA | +--------------------+---------------------+-----------------------+ | CR-7.05 | NA | NA | +--------------------+---------------------+-----------------------+ | CR-7.06 | SL-1 | PASS | +--------------------+---------------------+-----------------------+ | CR-7.07 | SL-1 | PASS | +--------------------+---------------------+-----------------------+ | CR-7.08 | SL-2 | PASS | +--------------------+---------------------+-----------------------+ 6.8 SL-3 and SL-4 Requirements ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Following SL-3 & SL-4 requirements were out of scope for assessment hence marked as NA. +--------------------+---------------------+-----------------------+ | IEC Requirement ID | Security level (SL) | CIP Compliance Status | +====================+=====================+=======================+ | CR-1.02 RE (1) | SL-3 | NA | +--------------------+---------------------+-----------------------+ | CR-1.05 RE (1) | SL-3 | NA | +--------------------+---------------------+-----------------------+ | CR-1.07 RE (1) | SL-3 | NA | +--------------------+---------------------+-----------------------+ | CR-1.07 RE (2) | SL-4 | NA | +--------------------+---------------------+-----------------------+ | CR-1.09 RE (1) | SL-3 | NA | +--------------------+---------------------+-----------------------+ | CR-1.14 RE (1) | SL-3 | NA | +--------------------+---------------------+-----------------------+ | CR-2.01 RE (3) | SL-3 | NA | +--------------------+---------------------+-----------------------+ | CR-2.01 RE (4) | SL-4 | NA | +--------------------+---------------------+-----------------------+ | CR-2.07 | SL-3 | NA | +--------------------+---------------------+-----------------------+ | CR-2.09 RE (1) | SL-3 | NA | +--------------------+---------------------+-----------------------+ | CR-2.11 RE (2) | SL-4 | NA | +--------------------+---------------------+-----------------------+ | CR-2.12 RE (1) | SL-4 | NA | +--------------------+---------------------+-----------------------+ | CR-3.03 RE (1) | SL-4 | NA | +--------------------+---------------------+-----------------------+ | CR-3.04 RE (2) | SL-3 | NA | +--------------------+---------------------+-----------------------+ | CR-3.09 RE (1) | SL-4 | NA | +--------------------+---------------------+-----------------------+ | CR-4.02 RE (1) | SL-3 | NA | +--------------------+---------------------+-----------------------+ | CR-4.02 RE (2) | SL-3 | NA | +--------------------+---------------------+-----------------------+ | CR-7.06 RE (1) | SL-3 | NA | +--------------------+---------------------+-----------------------+ 7. CIP IEC-62443-4-2 Assessment Summary ---------------------------------------- CIP IEC-62443-4-2 final assessment is in progress. This document will be updated further based on final assessment summary and results.