WisePlant – A WiseGroup Company


Secure Development Lifecycle Program (SDLP)

Contributors: Eduardo Kando

Summary: The SDLP is divided into two main processes: the "Design & Development Process" and the "Production & Support Process". These two processes are described below.

Secure Development Lifecycle Program (SDLP)
Copyright © 2023 by WisePlant Group LLC. All rights reserved. Do not copy or distribute.

Preface

This document is currently under development.

The SDLP has been prepared to comply with ISA/IEC-62443-4-1 of ISA, the International Society for Automation, toward a goal of uniformity in the development of secure products. To be of real value, this program should not be static but should be subject to periodic review. Toward this end, WisePlant Group LLC welcomes all comments and criticisms and asks that they be addressed.

Introduction

This program defines a series of procedures and processes that address security for industrial automation and control systems (IACS). It describes product development life-cycle requirements related to cybersecurity for products intended for use in the industrial automation and control systems environment, and provides guidance on how to meet the requirements described for each element.

The program has been developed in large part from the Secure Development Life-cycle Assessment (SDLA) Certification Requirements [24] from the ISA Security Compliance Institute (ISCI). Note that the SDLA procedure was based on the following sources:

  • ISO/IEC 15408-3 (Common Criteria) [16];
  • Open Web Application Security Project (OWASP) Comprehensive, Lightweight Application Security Process (CLASP) [35];
  • The Security Development Life-cycle by Michael Howard and Steve Lipner [45];
  • IEC 61508 Functional safety of electrical/electronic/programmable electronic safety-related systems [22], and
  • RTCA DO-178B Software Considerations in Airborne Systems and Equipment Certification [27].

Therefore, all these sources can be considered contributing sources to this standard.

The program guides the development and production team to comply with the ISA-62443 series that contains security requirements for developers of any automation and control products where security is a concern.

Scope

The program specifies process requirements for the secure development of products used in industrial automation and control systems. It defines a secure development life-cycle (SDL) for developing and maintaining secure products. This life-cycle includes security requirements definition, secure design, secure implementation (including coding guidelines), verification and validation, defect management, patch management and product end-of-life. These requirements can be applied to new or existing processes for developing, maintaining and retiring hardware, software, or firmware for new or existing products. They apply to both the in-house and the external resources involved in the development and support of the ZCM System.

Main Processes

The SDLP is divided into two main processes: the “Design & Development Process” and the “Production & Support Process”. These two processes are described below.

Design & Development Process

SDLP: Design & Development Process Copyright © 2023 by WisePlant Group LLC.

ISA/IEC-62443-4-1

This document should be used by the product developers or manufacturers to

ISA/IEC-62443-4-2

This document should be used by product developers or manufacturers to create
