Developed by the ISA99 committee as American national standards, and adopted globally by the International Electrotechnical Commission (IEC), the ISA/IEC 62443 series of standards address security vulnerabilities in industrial automation and control systems.
ISA/IEC 62443-4-1-2018, Security for Industrial Automation and Control Systems Part 4-1: Product Security Development Life-Cycle Requirements, specifies process requirements for the secure development of products used industrial automation and control systems. The standard defines a secure development lifecycle for developing and maintaining secure products. This lifecycle includes security requirements definition, secure design, secure implementation (including coding guidelines), verification and validation, defect management, patch management and product end-of-life. The standard seeks to address and mitigate current and possible security vulnerabilities in industrial process control technologies.
These requirements can be applied to new or existing processes for developing, maintaining and retiring hardware, software or firmware for new or existing products. The requirements apply to the developer and maintainer of a product, but not to the integrator or user of the product.