DEKRA Solutions

With IEC 62443, you contribute to a safe, reliable and future-proof industrial infrastructure

IEC 62443

The industry standard IEC 62443 for cybersecurity

It’s vital to protect the users of your connected products from the ever increasing number of cyber attacks happening in the world today. Certification against parts of the IEC 62443 series, the international standard for the security of industrial automation and control systems (IACS), helps you do this: it reduces the risk that your products or product components can be successfully attacked. DEKRA is a designated test institute that certifies against various parts of IEC 62443 and offers a comprehensive approach to the cybersecurity of your products. This page tells you more about the IEC 62443 series.

IEC 62443 is specifically focused on the security of industrial communication networks and systems. Its sub-standards address both the technical and the procedural aspects of industrial automation and control systems (IACS): the components and systems themselves, including industrial IoT (Internet of Things) products, and the organisations that develop, integrate and operate them. Our experts are always happy to discuss whether certification against these sub-standards is appropriate for your organisation.
IEC 62443 certification is particularly relevant for sectors such as manufacturing, energy supply and infrastructure, in which cyber attacks can have major consequences. It covers various aspects of cybersecurity, including the design and implementation of security measures, risk management and the evaluation of cybersecurity programmes. We focus on the sub-standards listed below.

Various IEC 62443 sub-standards

IEC 62443-2-4: Security program requirements for IACS service providers
This sub-standard sets out the security capabilities that system integrators and maintenance providers must be able to offer when they integrate, commission or maintain an IACS, such as secure configuration, account and remote-access management, malware protection, patch management, backup and event logging.
IEC 62443-3-3: System security requirements and security levels
This sub-standard defines the system requirements (SRs) and requirement enhancements that an IACS as a whole must meet, grouped under the seven foundational requirements and assigned to security levels 1 to 4.
IEC 62443-4-1: Secure product development lifecycle requirements
This sub-standard defines the process requirements for a product supplier’s development lifecycle, covering eight practices that run from security management, requirements specification, secure design and secure implementation through verification and validation testing, handling of security issues and security updates, to security guidelines for users.
IEC 62443-4-2: Technical security requirements for IACS components
This sub-standard defines the component requirements (CRs) that embedded devices, host devices, network devices and software applications must implement, again mapped to security levels 1 to 4.

Cybersecurity throughout the value chain

By following the IEC 62443 standards, organisations can significantly strengthen the security of their industrial systems. These international standards not only help protect against increasingly advanced cyber attacks, but also support organisations in demonstrating compliance with legal and regulatory requirements, such as the NIS2 directive. IEC 62443 was developed specifically for Operational Technology (OT) and addresses both technical security measures and organisational processes. Such an approach to cybersecurity covers the entire value chain, from product development and system integration to operational management. This makes the standard well suited to critical sectors such as energy, infrastructure, manufacturing and healthcare, where the impact of a cyber incident can be significant. In this way, IEC 62443 contributes to a secure, reliable and future-proof industrial infrastructure.

Security levels: the degree of security

Sub-standards IEC 62443-3-3 and IEC 62443-4-2 use four Security Levels (SLs) when evaluating the technical requirements for systems and components. The levels indicate how much resistance a system or component offers against different classes of attacker, characterised by their means, resources, skills and motivation. In other words, they answer the following question: how well has a product or system been secured against attackers? The various security levels are as follows:
  • SL 1: protection against casual or coincidental violation.
  • SL 2: protection against intentional violation using simple means with low resources, generic skills and low motivation.
  • SL 3: protection against intentional violation using sophisticated means with moderate resources, IACS specific skills and moderate motivation.
  • SL 4: protection against intentional violation using sophisticated means with extended resources, IACS specific skills and high motivation.
A security level is assigned per foundational requirement (identification and authentication control, use control, system integrity, data confidentiality, restricted data flow, timely response to events and resource availability), so a certified product carries an SL vector rather than a single number. The standard also distinguishes the target level an asset owner requires for a zone (SL-T), the capability level a product can provide when correctly configured (SL-C) and the level actually achieved in the installed system (SL-A); a product certificate states the SL-C.
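As an added illustration, and not code from DEKRA’s page or from the IEC text, the following Python compares a zone’s target security level vector (SL-T) with a component’s certified capability vector (SL-C) for each foundational requirement and reports where the component falls short. The foundational-requirement abbreviations are those used in IEC 62443; the numeric levels in the sample vectors are constructed data.

```python
"""Compare IEC 62443 security level vectors per foundational requirement.

Added illustration, not DEKRA or IEC material. The FR abbreviations follow
IEC 62443-3-3 / IEC 62443-4-2; the SL values below are constructed sample data.
"""
from typing import Dict, Tuple

# The seven foundational requirements (FRs), in the standard's order.
FOUNDATIONAL_REQUIREMENTS: Tuple[str, ...] = (
    "IAC",  # FR1 Identification and authentication control
    "UC",   # FR2 Use control
    "SI",   # FR3 System integrity
    "DC",   # FR4 Data confidentiality
    "RDF",  # FR5 Restricted data flow
    "TRE",  # FR6 Timely response to events
    "RA",   # FR7 Resource availability
)

SLVector = Dict[str, int]


def validate(vector: SLVector) -> None:
    """Reject vectors that do not cover all seven FRs with a level in 0..4."""
    missing = set(FOUNDATIONAL_REQUIREMENTS) - set(vector)
    if missing:
        raise ValueError(f"SL vector lacks FRs: {sorted(missing)}")
    for fr, sl in vector.items():
        if fr not in FOUNDATIONAL_REQUIREMENTS or not 0 <= sl <= 4:
            raise ValueError(f"invalid entry {fr}={sl}")


def sl_gaps(target: SLVector, capability: SLVector) -> Dict[str, int]:
    """Per FR, how far a capability vector (SL-C) falls short of a target
    vector (SL-T). Zero means that FR is covered at the required level."""
    validate(target)
    validate(capability)
    return {fr: max(0, target[fr] - capability[fr]) for fr in FOUNDATIONAL_REQUIREMENTS}


def meets_target(target: SLVector, capability: SLVector) -> bool:
    """True only if every FR is covered; one weak FR fails the whole vector."""
    return all(gap == 0 for gap in sl_gaps(target, capability).values())


def effective_level(vector: SLVector) -> int:
    """Collapse a vector to the single number people tend to quote: the weakest FR."""
    validate(vector)
    return min(vector.values())


# Constructed sample: a zone that needs SL 3 for authentication, use control,
# integrity and data flow and SL 2 elsewhere, and a component certified to SL-C.
ZONE_TARGET: SLVector = {"IAC": 3, "UC": 3, "SI": 3, "DC": 2, "RDF": 3, "TRE": 2, "RA": 2}
COMPONENT_SLC: SLVector = {"IAC": 3, "UC": 2, "SI": 3, "DC": 2, "RDF": 3, "TRE": 2, "RA": 1}

if __name__ == "__main__":
    for fr, gap in sl_gaps(ZONE_TARGET, COMPONENT_SLC).items():
        print(f"{fr:>4}: SL-T {ZONE_TARGET[fr]}  SL-C {COMPONENT_SLC[fr]}  gap {gap}")
    print("component meets zone target:", meets_target(ZONE_TARGET, COMPONENT_SLC))
    print("weakest FR level of component:", effective_level(COMPONENT_SLC))
```

A non-zero gap on any foundational requirement means the component alone cannot satisfy the zone’s target; the integrator must then choose a different component or provide compensating countermeasures at system level, which is exactly why the per-FR vector, not the headline number, is what should be compared when selecting certified products.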

IEC 62443 certification as compliance for NIS2

Although IEC 62443 and NIS2 (the EU directive on network and information security, which member states transpose into mandatory national law) focus on different aspects of cybersecurity, they complement each other well: NIS2 obliges organisations to manage their cyber risks, and certification against a recognised standard such as IEC 62443 is a strong way to demonstrate to authorities and customers that the required technical and organisational measures are in place. A certificate does not by itself constitute NIS2 compliance, which is assessed under the national law implementing the directive, but it provides the evidence that such an assessment asks for. NIS2 emphasises a holistic approach to cybersecurity in which the entire chain is examined, from suppliers to end users. Companies in an industrial environment can gain certification against IEC 62443 to help meet these requirements.
NIS2 requires cybersecurity measures across the entire supply chain, from developer to end user. For industrial products, DEKRA has set out a four-step certification route for this purpose:
By complying with NIS2 legislation (mandatory) and with the industry standard IEC 62443, organisations can ensure they meet their legal and regulatory obligations and also strengthen their overall cyber resilience. With cyber threats becoming more advanced and more frequent, this is crucial.

DEKRA Seal

For IEC 62443-4-1 and IEC 62443-2-4, DEKRA also offers its own DEKRA Seal. Since these standards focus on organizational processes, it makes sense to conduct annual audits. However, within the IEC framework, annual audits are not mandatory for these certifications.
To provide organizations with the opportunity to demonstrate to their customers that their processes are reviewed annually, DEKRA has developed the DEKRA Seal. This includes an annual remote audit, confirming that the processes remain effectively embedded within the organization.
These DEKRA Seals also indicate the organization’s maturity level and can be used for marketing purposes, serving as a unique selling point.

Want to know more about IEC 62443 certification?

The experts at DEKRA are always happy to help you identify the cybersecurity you need for your products and components. We have the experience and expertise necessary to provide excellent support. So, please don’t hesitate to contact us.