The TÜV SÜD certificate is based on the standard IEC 62443-4-1 (Secure
Product Development Lifecycle Requirements, Draft 3 Edition 10, 01.2016). This
standard includes security-relevant requirements such as capabilities and
expertise, security of third-party components, process and quality assurance,
secure architecture and design, and issue handling as well as security updates,
patches and change management.
As a leading
automation and software supplier for industry, Siemens is continuously
improving its products and solutions with regard to industrial security. This
also includes the certification based on IEC 62443-4-1. With this achievement,
the company is documenting its "Security by Design" approach for
automation products and is giving integrators and operators a transparent
insight into the IT security measures. Integrators and operators use this for
the conception and operation of automation processes and systems using Siemens
technology and the "Defense in Depth" protection concept.
To ensure comprehensive protection of industrial plants from internal and external cyber attacks, all levels must be protected simultaneously – ranging from the plant management level to the field level and from access control to copy protection. This is why our approach to comprehensive protection offers defense throughout all levels – “defense in depth”. This concept is according to the recommendations of ISA99 / IEC 62443 – the leading standard for security in industrial applications.