IEC 62443 Industrial Automation and Control Systems Security
The international standard series for securing industrial automation and control systems (IACS) across the IT/OT boundary.
What IEC 62443 actually is.
IEC 62443 is the multi-part standard series for IACS cybersecurity, organised across four groups: General (62443-1-x), Policies and Procedures (62443-2-x), System (62443-3-x) and Component (62443-4-x). Its most-cited concepts are the zone-and-conduit model, Security Levels (SL 1–4), and the Foundational Requirements. It is widely used by utilities, manufacturers and OEMs, and is one of the accepted bases for cyber-hazard obligations under the Australian CIRMP Rules.
Operators, integrators and product suppliers of industrial control systems - electricity, water, oil & gas, manufacturing, transport and building management.
The control areas the framework covers.
Summary of the control families and outcomes the framework drives. Always validate against the official publication for the authoritative wording.
- 01 Risk assessment and system design: Identify zones and conduits and assign Security Levels to each.
- 02 Identification and authentication: Identify and authenticate users, software processes and devices.
- 03 Use control: Restrict privileges; limit the use of networked resources to authorised entities.
- 04 System integrity: Protect the integrity of IACS including input validation, session integrity and malicious code detection.
- 05 Data confidentiality: Protect the confidentiality of information at rest and in transit.
- 06 Restricted data flow: Segment IACS networks through zones and conduits.
- 07 Timely response to events: Respond to security violations through continuous monitoring and forensic capability.
- 08 Resource availability: Ensure availability of IACS against degradation or denial of essential services.
Read it from the issuing body.
For anything with a regulator or certification body behind it, the authoritative text is what counts - not our summary.
IEC 62443 Industrial Automation and Control Systems Security
iec.ch/cyber-security
Content on this page is a plain-language summary for programme planning. It is not legal or regulatory advice, and it does not replace a current copy of the issuer's publication.
How Vectra delivers against IEC 62443.
Assessment, engineering and operational services that line up with the framework's control areas.
Penetration Testing
Find it before the attackers do - CREST-certified engagements that deliver actionable findings, not compliance checkboxes.
Managed Detection & Response
Sovereign Australian XDR powered by nine global SOCs, AWS Australia hosting and 24x7 human-verified response.
Virtual CISO
Fractional security leadership embedded with your executive team.
Where IEC 62443 shows up.
Sectors where Vectra most commonly applies this framework.
Critical Infrastructure
SOCI Act-aligned OT/ICS cybersecurity for energy, water, telecommunications, transport and data-storage operators.
Aviation & Logistics
Cybersecurity for airports, airlines, freight forwarders, ports and supply-chain operators under SOCI, MTOFSA and ICAO.