Industry IoT Consortium and International Society of Automation Announce IoT Security Maturity Model

By Chantal Polsonetti

The Industry IoT Consortium (IIC) and the International Society of Automation announced the IoT Security Maturity Model (SMM): 62443 Mappings for Asset Owners, Product Suppliers, and Service Suppliers. This new guidance extends the previously published IoT Security Maturity Model (SMM): Practitioner’s Guide to provide mappings to existing 62443 standards and specific guidance for the asset owner, product supplier, and service provider roles.

The IIC IoT SMM is designed to help organizations choose their security target state and determine their current security state. By repeatedly comparing the target and current states, organizations can identify where they can make further improvements.

The ISA99 committee developed the 62443 series of standards, which the International Electrotechnical Commission (IEC) adopted. The standards address current and future vulnerabilities in Industrial Automation and Control Systems (IACS) and apply necessary mitigation systematically and defensibly. The ISA/IEC 62443 standards focus on maturity, but only on the maturity of security programs and processes.

These 62443 mappings are designed to enable practitioners to better achieve security maturity by relating IIC IoT SMM practice comprehensiveness levels to ISA/IEC 62443 requirements. In this way, IACS asset owners and product suppliers can achieve appropriate maturity targets more easily.

Eric Cosman, co-chair of ISA99 and ARC contributing analyst, said, “While standards such as ISA/IEC 62443 are needed to codify proven and accepted engineering practices, they are seldom sufficient. Joint efforts such as this provide the practical guidance necessary to promote and support their adoption.”

Download IoT SMM: 62443 Mappings for Asset Owners, Product Suppliers and Service Providers here.
