ISA99 Committee on Industrial Automation and Control Systems Security
Welcome to the ISA99 Committee Wiki!
The committee provides this site as a means of facilitating collaboration, both within the committee as well as with interested stakeholders.
Anyone can use the links provided on these pages to review recent committee news and monitor committee activities. There is also a graphical overview of our work products and a more detailed list of all work products which includes links to current drafts.
There is also information about the composition and status of the various committee work groups, as well as a page devoted to the topic of committee participation (including instructions on how to join the committee).
Finally, those who are participating committee members can logon by selecting the link at the top of the page and entering the credentials provided by ISA. This will allow you full access to the committee collaboration portal, which includes copies of work in progress, meeting notes and other related information..
The purpose of the ISA99 committee is to develop and establish standards, recommended practices, technical reports, and related information that will define procedures for implementing electronically secure industrial automation and control systems and security practices and assessing electronic security performance. Guidance is directed towards those responsible for designing, implementing, or managing industrial automation and control systems as defined in the committee scope. This guidance also applies to users, system integrators, security practitioners, and control systems manufacturers and vendors.
The Committee's focus is to improve the confidentiality, integrity, and availability of components or systems used for industrial automation and control and provide criteria for procuring and implementing secure control systems. Compliance with the Committee's guidance will improve system electronic security, and will help identify vulnerabilities and address them, thereby reducing the risk of compromising confidential information or causing degradation or failure of the equipment or process under control.
All work and activities of the ISA99 committee are governed by the general procedures and rules established by the ISA Standards and Practices board. More information is available on the ISA web site. In addition the committee has defined more specific and detailed governance processes and procedures that assist in guiding committee activities.
Terminology and Concepts
In the case of a large collection of related standards and reports such as those that form the ISA99 work plan it is critical that there be consistency across the various documents with respect to terminology and the concepts or elements that form the basis for the positions taken in the standards.
With regard to terminology the committee maintains a common set of terminology for use across all committee work products. The working information is maintained in the form of a Master Glossary on this Wiki, with the idea that as it becomes established it will be published in the form of a technical report ISA-TR62443-1-2.
The general context for the ISA-62443 series of standards and technical reports is expressed as a set of Security Lifecycle Models.
Common and Fundamental Concepts
A major part of the foundation for the series of standards is in the form of a set of General Concepts and Fundamental Concepts that are developed on this Wiki and once approved, published as part of the standard ISA-62443-1-1.
In oreder to illustrate the use or application of the ISA-62443 series of work products the committee provides one or more Case Studies.
The content of this Wiki is maintained for committee members, by committee members. Changes and additions are made based on need and availability of resources. If you feel that the site would benefit from additional information please suggest changes to any contributing committee member.
For contributors and potential contributors there are general instructions on How To Use This Wiki Library, as well as more detailed instructions for selected specific activities. For example, instructions are provided on How to Maintain the Master Glossary.