News & Events.

IEC 62443 Certification Accreditation by ANSI


  December 11, 2017

exida has received ANSI (American National Standards Institute) accreditation for Certification Body scope extensions for the IEC 62443 cybersecurity standards.  Four new schemes have been defined. 

New schemes include:

  1. The eSDC (exida Security Device Certification) which covers control, network, platform, and application “devices” as defined in IEC 62443.
  2. The eSDP (exida Security Development Process) covers software development procedures.
  3. The eSSP (exida System Security Process) covers system design and integration procedures.
  4. The eSSC (exida System Security Certification) covers cybersecurity of DCS type systems.

“OEMs (Original Equipment Manufacturers) and their suppliers have been rapidly responding to the serious global cybersecurity threat that exists today. An impartial third party program was needed to help companies mitigate threats more rapidly and demonstrate their success to their customers in many different industries.  The exida sSDC program covers embedded control devices and network devices.” stated Dr. William Goble, exida L.L.C. Managing Director.

“The exida eSDP program was established based on our many years of experience in product development procedure implementation. The essential principles of software engineering are similar for functional safety and cybersecurity” stated Mike Medoff, Principal Cybersecurity Engineer.

Dave Gunter, Director of Cybersecurity at exida stated “Pioneering cybersecurity schemes focused on devices.  It was clear to many that a systems level approach was needed.  The exida system level schemes (eSSP and eSSC) are practical solutions to the market need.”

These new cybersecurity schemes add to the pioneering ISCI (ISA Security Compliance Institute) schemes which were the first cybersecurity certifications offered.  exida was accredited for those schemes several years ago.  The exida CACE (Certified Automation Cybersecurity Expert) personnel certification program also rounds out a complete cybersecurity solution for many industries including process control, automation, medical devices, network devices, machine control, automotive, robotics, and autonomous systems.