Certification


“Software Security Assurance (SSA) is the process of ensuring that software is designed to operate at a level of security that is consistent with the potential harm that could result from the loss, inaccuracy, alteration, unavailability, or misuse of the data and resources that it uses, controls, and protects”

The ISASecure Certification Program for Embedded Devices (PLCs, controllers, digital protective relays, communication modules)

*ISASecure is a program established by the ISA Security Compliance Institute (ISCI) to establish a set of well-engineered specifications and processes for the testing and certification of critical control systems products.

Assessment & Certification Services

To validate the security and reliability of industrial automation products against the ISASecure Embedded Device Security Assurance specifications, exida provides the following services:

  • Communication Robustness Testing (CRT) - Evaluates how well the product meets the ISASecure EDSA communications robustness specification using the Achilles Level 2 ISASecure EDSA recognized test platform.
  • Functional Security Assessment (FSA) - Reviews how well the design meets the functional security requirements of the target ISASecure Level defined in the ISASecure EDSA specification.
  • Software Development Security Assessment (SDSA) - Reviews the product development processes used and evaluates how well the current processes meet the software development security requirements of the ISASecure EDSA specifications.
  • Integrated Threat Analysis (ITA) - Documents threats that are mitigated by the features and functions of the product vs. those that are the user’s responsibility to mitigate.
  • Gap analysis - Reviews the existing development procedures to determine any major gaps between the requirements of the applicable standard(s) and the quality management procedures.

The Embedded Device Security Assurance Specifications

  • ISASecure Embedded Device Security Assurance (EDSA) certification scheme (EDSA-100, V1.1, June 2010)
  • EDSA Certification Requirements (EDSA-300, V2.0, June 2010)
  • Common Requirements for Communication Robustness Testing (CRT) (EDSA-310, V1.47, 2010)
  • Ethernet robustness test specification (EDSA-401, V2.0, 2010)
  • ARP robustness test specification (EDSA-402, V2.3, 2010)
  • IPv4 robustness test specification (EDSA-403, V1.3, 2010)
  • ICMPv4 robustness test specification (EDSA-404, V1.3, 2010)
  • UDP robustness test specification (EDSA-405, V2.6, 2010)
  • TCP robustness test specification (EDSA-406, V1.4, 2010)
  • Functional Security Assessment (FSA) (EDSA-311, V1.4, 2010)
  • Software Development Security Assessment (SDSA) (EDSA-312, V1.4, 2010)

ANSI/ACLASS Accredited Certification

ISASecure Embedded Device Security Assurance (EDSA) certification is accredited as an ISO/IEC Guide 65 conformance scheme by ANSI/ACLASS. This includes both ISO/IEC 17025 and ISO/IEC 17011.

Copyright 2000 - 2012 exida.com LLC