ISA/IEC 62443 MODELS AND SECURITY LEVELS [SL] EXAM
QUESTIONS AND ANSWERS WITH COMPLETE SOLUTIONS
GRADED A++
What are the key models in the IEC62443 series?
Reference Model [ANSI/ISA-95]
Asset Model
Reference Architecture
Zone Model
Define "SL" and the 5 levels
A measure of protection confidence, of IACS security and operational function [BaU]
0 = no protection requirements
1 = protection against unintentional violation
2 = protection against intentional violation
- means: simple
- capabilities: low
3 = protection against intentional violation
- means: sophisticated
- capabilities: moderate
4 = protection against intentional violation
- means: sophisticated
- capabilities: high
, What is the application of the SLs within the relevant models?
Overall: SLs assigned based on security requirements, i.e. considered AFTER the
models have been 'applied' to partition the IACS in question
Specifically: SL-Ts applied to zones and conduits, SL-As and SL-Cs considered during
RA process [more on that later]
How can the models be used in IACS environments?
They provide the basis and context upon which policies, processes and procedures are
developed and applied to the assets [IACS]
What is the hierarchy' or relationships between the models and what do they
provide?
Reference model = the overall conceptual basis
1. Policies, procedures and guidelines
2. Asset model = relationship between assets within the IACS
3. Reference architecture = operational, outlines elements/components within the
different assets
4. Zone model = grouping of elements within reference architecture based on
characteristics
What are the focus of each of the reference model levels?
4 = Establishing the basics for production
3 = Work flow and production process optimisation
2 = Production process monitoring and control
1 = Sensing and manipulating production process
0 = Actual production process
QUESTIONS AND ANSWERS WITH COMPLETE SOLUTIONS
GRADED A++
What are the key models in the IEC62443 series?
Reference Model [ANSI/ISA-95]
Asset Model
Reference Architecture
Zone Model
Define "SL" and the 5 levels
A measure of protection confidence, of IACS security and operational function [BaU]
0 = no protection requirements
1 = protection against unintentional violation
2 = protection against intentional violation
- means: simple
- capabilities: low
3 = protection against intentional violation
- means: sophisticated
- capabilities: moderate
4 = protection against intentional violation
- means: sophisticated
- capabilities: high
, What is the application of the SLs within the relevant models?
Overall: SLs assigned based on security requirements, i.e. considered AFTER the
models have been 'applied' to partition the IACS in question
Specifically: SL-Ts applied to zones and conduits, SL-As and SL-Cs considered during
RA process [more on that later]
How can the models be used in IACS environments?
They provide the basis and context upon which policies, processes and procedures are
developed and applied to the assets [IACS]
What is the hierarchy' or relationships between the models and what do they
provide?
Reference model = the overall conceptual basis
1. Policies, procedures and guidelines
2. Asset model = relationship between assets within the IACS
3. Reference architecture = operational, outlines elements/components within the
different assets
4. Zone model = grouping of elements within reference architecture based on
characteristics
What are the focus of each of the reference model levels?
4 = Establishing the basics for production
3 = Work flow and production process optimisation
2 = Production process monitoring and control
1 = Sensing and manipulating production process
0 = Actual production process
