Part B: Supplementary Information Sheet (SIS)

FR Recognition List Number: 032
Date of Entry: 08/06/2013
FR Recognition Number: 13-61

Standard
IEC 62443-2-1 Edition 1.0 2010-11 Industrial communication networks - Network and system security - Part 2-1: Establishing an industrial automation and control system security program

Scope/Abstract
This part of IEC 62443 defines the elements necessary to establish a cyber security management system (CSMS) for industrial automation and control systems (IACS) and provides guidance on how to develop those elements. This standard uses the broad definition and scope of what constitutes an IACS described in IEC/TS 62443-1-1.
The elements of a CSMS described in this standard are mostly policy, procedure, practice and personnel related, describing what shall or should be included in the final CSMS for the organization.
NOTE 1 Other documents in the IEC 62443 series and in the Bibliography discuss specific technologies and/or solutions for cyber security in more detail.
The guidance provided on how to develop a CSMS is an example. It represents the author's opinion on how an organization could go about developing the elements and may not work in all situations. The users of this standard will have to read the requirements carefully and apply the guidance appropriately in order to develop a fully functioning CSMS for an organization. The policies and procedures discussed in this standard should be tailored to fit within the organization.
NOTE 2 There may be cases where a pre-existing CSMS is in place and the IACS portion is being added or there may be some organizations that have never formally created a CSMS at all. The authors of this standard cannot anticipate all cases where an organization will be establishing a CSMS for the IACS environment, so this standard does not attempt to create a solution for all cases.

Extent of Recognition

Rationale for Recognition
This standard is relevant to medical devices and is recognized on its scientific and technical merit and/or because it supports existing regulatory policies.
NOTE: Conformance to this standard may not satisfy all the cybersecurity requirements outlined in Section 524B of FD&C Act or the recommendations in the (1) listed below (Relevant FDA Guidance). Manufacturers should consider the information contained within these resources in their assessment of cybersecurity for their device.

Public Law, CFR Citation(s) and Procode(s)*
Any procode which describes a networkable medical device

Relevant FDA Guidance and/or Supportive Publications*
1. Cybersecurity in Medical Devices: Quality Management System Considerations and Content of Premarket Submissions, Guidance for Industry and Food and Drug Administration Staff, issued February 2026.
2. Postmarket Management of Cybersecurity in Medical Devices, Guidance for Industry and Food and Drug Administration Staff, issued December 2016.
3. Design Considerations and Pre-market Submission Recommendations for Interoperable Medical Devices, Guidance for Industry and Food and Drug Administration Staff, issued September 2017.
4. NIST Special Publication 800-82, Guide to Industrial Control Systems (ICS) Security, June 2011.
5. Appropriate Use of Voluntary Consensus Standards in Premarket Submissions for Medical Devices - Guidance for Industry and Food and Drug Administration Staff, issued September 2018.

FDA Technical Contact

Standards Development Organization

FDA Specialty Task Group (STG)

*These are provided as examples and others may be applicable.