Discover ISASecure ACSSA, a new certification for a unified security assessment in OT environments based on the IEC 62443 series.
Goal and target groups
The overarching goal of ACSSA is to establish a globally recognized reference for assessing the security of OT environments. The developers aim for the ACSSA assessment to become the primary reference point for a range of stakeholders, including operators who want to review their own systems, consultants conducting security analyses for clients, certification bodies issuing formal confirmations or certificates, and regulators setting policies for the security of critical infrastructures.
A unified assessment approach
ACSSA is intended to provide a consistent methodology for evaluating and certifying the security of automation and control systems across different operational environments. This consistency is important because it enables comparability and reliability of results across different sites and industries.
Use cases
The application areas for ACSSA are diverse. The method can be used to assess the security of production facilities and control systems in various situations. This includes normal operational conditions, where regular review of security measures is important. ACSSA can also be applied after system renewals or upgrades to ensure that changes have not introduced new vulnerabilities. Additionally, the method plays an important role during the commissioning of new plants to ensure a high level of security from the start.
Scope of the assessment
The content of the ACSSA assessment is comprehensive and covers several security aspects. It includes detailed security requirements that must be met, as well as precise instructions for assessors to ensure a consistent evaluation. The assessment foresees the use of specific tools and procedures to support the security analysis. It also contains a clear description of the certification process and defines evaluation criteria that determine whether a system meets the requirements.
Cross-industry applicability
A particular advantage of ACSSA is its broad applicability across industries. The method can be used in sectors as varied as rail, building technology, energy supply, water and wastewater management, and ports. This versatility should make ACSSA an important instrument for improving security in critical infrastructure sectors.
Conclusion
In summary, the ISASecure ACSSA certification represents a promising development in the security assessment of automation and control systems. With its comprehensive and standardized approach, it has the potential to improve security across industries and to set uniform benchmarks. Its broad applicability and consideration of different user groups make ACSSA an important tool for strengthening security in increasingly networked and automated operational technologies.