ICS Patch Management and ISA-62443

By Sid Snitkin
Category: ARC Report Abstract

Effective patch management is an important element of a comprehensive security program for industrial control systems (ICS). The complexity and criticality of this environment present specific challenges to asset owners. They need practical guidance that acknowledges and addresses these challenges. The ISA99 committee has provided this type of guidance in the ISA-TR62443-2-3 technical report.

Building on previous (more general) guidance from other sources, the ISA-TR62443-2-3 report takes an approach tailored for the ICS environment. This includes defining a patch life cycle and associated activities as well as providing a description of specific responsibilities for both the asset owner and solution provider. These are supported by improved methods and tools, such as a standard format for defining and exchanging patch-related information.

The State of Patch Management for Industrial Control Systems
Just as with general-purpose information systems, industrial control systems must be patched or updated periodically to prevent vulnerabilities from being exploited and ensure correct operation. The scope must include changes to systems and applications software as well as any related configuration settings.

ARC Advisory Group clients can view the complete report at this Link.


Keywords: Cyber Security, IACS, ISA-62443, ISA99, Patch Management, ARC Advisory Group.

 
