The ISA Security Compliance Institute (ISCI, www.isa.org/ISASecure) approved an Embedded Controller Security Assurance (ECSA) Framework for its ISASecure ECSA test specification. It establishes the scope of the ISASecure test specification and identifies the embedded controller testing approach and high-level criteria for passing or failing the ISASecure tests.
A publicly available version of the ISASecure ECSA Framework, describing the ECSA certification program will be published and posted on the ISCI Web site this month.
The ISASecure ECSA certification includes three broad areas of assessment for embedded controllers – Security Functional Assessment, Protocol Robustness Testing, and Software Development Security Assessment. The ECSA test specification will undergo an independent review and is slated for completion at the end of Q3 2009.
The ISASecuretest specification is designed to be used by suppliers in their product development and manufacturing processes to facilitate baseline security levels in Industrial Automation Control Systems (IACS) products. The same ISASecure test specification will also be used by ISCI-accredited independent labs to certify cyber security characteristics of IAC products using ISCI accredited test tools. ISASecure certification testing will commence in First Quarter 2010.
For more info on the ISASecure inititive, visit www.isa.org/ISASecure.