Governments and industry organizations have defined several security standards, guidelines, and “best practices,” which provide recommendations and/or requirements that are enforced through penalties and fines, depending on the industry you are in. Until a few years ago, most of these standards focused on general information security. However, the number of industrial-specific (that is, ICS) security standards has increased significantly.
Common ICS-related security standards include the following:
• National Institute of Standards and Technology (NIST) Special Publication 800-82
• International Society of Automation (ISA)/IEC 62443 (formerly ISA-99, and also referred to as just ISA 62443 as well ...