Mapping

IEC-62443-4-1

Title Description Compliant
DM-1 Receiving Notifications of Security Related Issues Yes
DM-2 Reviewing Security Related Issues N/A
DM-3 Assessing Security Related Issues Yes
DM-4 Addressing Security Related Issues Yes
DM-5 Disclosing Security Related Issues Yes
DM-6 Periodic Review of Defect Management Practice Yes
SD-1 Secure Design Principles Yes
SD-2 Defense in Depth Design Yes
SD-3 Security design Review No
SD-4 Secure Design Best Practices No
SG-1 Product Defense In Depth Partial
SG-2 Defense in Depth Measures expected in the Environement No
SG-3 Security Hardening Guidelines No
SG-4 Secure Disposal Guidelines No
SG-5 Secure Operation Guidelines No
SG-6 Account Management Guidelines No
SG-7 Documentation Review No
SI-1 Security Implementation Review No
SI-2 Secure Coding Standards No
SM-1 Development Process Partial
SM-10 Custom Developed Components from Third-Parties No
SM-11 Assessing and Addressing Security Related Issues No
SM-12 Process Verification No
SM-13 Continuous Improvement No
SM-2 Identification of Responsibilities No
SM-3 Identification of Applicability No
SM-4 Security Expertise No
SM-5 Process Scoping No
SM-6 File Integrity No
SM-7 Development Environment Security No
SM-8 Controls for Private Keys No
SM-9 Security Requirements for Externally Provided Components No
SR-1 Product Security Context No
SR-2 Threat Model No
SR-3 Product Security Requirements No
SR-4 Product Security Requirements Content No
SR-5 Security Requirements Review No
SUM-1 Security Update Qualification No
SUM-2 Security Update Documentation No
SUM-3 Dependent Component or OS Security Update Documentation No
SUM-4 Security Update Delivery No
SUM-5 Timely Delivery of Security Patches No
SVV-1 Security Requirements Testing No
SVV-2 Threat Mitigation Testing No
SVV-3 Vulnerability Testing No
SVV-4 Penetration Testing No
SVV-5 Independence of Testers No