ISASecure Certification

IIoT Component Security Assurance (ICSA)

Security certification for Industrial IoT components — field devices and gateways — against IEC 62443-4-2 plus the ISASecure IIoT extensions. ICSA combines three assurance streams — secure development artifacts (SDA), functional security assessment (FSA), and vulnerability identification testing (VIT) — to validate component security for critical infrastructure environments.

Start ICSA CertificationView Testing Methodology

Comprehensive IIoT Component Security Testing

Overview

ISASecure ICSA (IIoT Component Security Assurance) certifies the security of Industrial IoT components — field devices and gateways — against IEC 62443-4-2 together with the ISASecure IIoT extensions. It runs three parallel assurance streams — development artifacts, functional security, and vulnerability testing — that together provide evidence-based assurance a component is fit for deployment in connected industrial environments.

ICSA is scoped two ways. First by device type — an IIoT field device or an IIoT gateway. Second by tier — Core for a baseline level of assurance, or Advanced for higher-stakes deployments — which determines the additional IIoT requirements and the vulnerability-testing pass criteria that apply to the component.

A current SDLA certification of the vendor's secure-development process is a prerequisite for ICSA. Perseus performs the functional testing in its ISO/IEC 17025-accredited laboratory, with experienced analysts who understand both cybersecurity and industrial automation — ensuring rigorous, repeatable evaluation.

Development Artifacts (SDA)

Secure-development evidence for the component, per IEC 62443-4-1

Functional Security (FSA)

IEC 62443-4-2 plus IIoT extensions, evaluated per interface

Vulnerability Testing (VIT)

Vulnerability identification testing with tier-based pass criteria

Device Type & Tier

Scoped by IIoT field device / gateway and Core / Advanced tier

The Three ICSA Assurance Streams

Assessment Methodology

Secure Development Artifacts (SDA)

Verification of the secure-development evidence for the component against IEC 62443-4-1, including the IIoT-specific sub-requirements. The vendor's SDLA certification is the prerequisite; SDA confirms the artifacts for this component.

  • Security requirements
  • Secure-by-design evidence
  • Implementation & verification
  • Defect & vulnerability management
  • Security update management

Functional Security Assessment (FSA)

Accredited evaluation of the component against IEC 62443-4-2 plus the ISASecure IIoT extensions, filtered by device type and tier, with network-related requirements evaluated per interface.

  • Identification & authentication
  • Use control / authorization
  • System & data integrity
  • Data confidentiality
  • Per-interface evaluation

Vulnerability Identification Testing (VIT)

Vulnerability identification testing of the component in a known-good state, with findings triaged by the evaluator before disclosure. Pass criteria are set by the component's tier (Core or Advanced).

  • Known-vulnerability scanning
  • Finding triage & validation
  • Tier-based pass criteria
  • Known-good test state
  • Disclosure after sign-off

ICSA Certification Process

Our Approach

Driving standards

  • IEC 62443-4-2 — component requirements + IIoT extensions
  • IEC 62443-4-1 — secure development (SDLA prerequisite)
  • ISO/IEC 17025 — accredited testing
  • ISO/IEC 17065 — impartial certification decision
EdgesAdvanceAbandonClick any node for detail
ISASecure ICSA

Planning

Confirm the IIoT device type (field device or gateway) and tier (Core for baseline, Advanced for higher-stakes). The tier drives which requirements apply. A current SDLA certification is a prerequisite.

  • Confirm IIoT device type (field device or gateway)
  • Confirm tier (Core or Advanced)
  • Document accessible network interfaces
  • Confirm the SDLA prerequisite; asset owner signs off scope

Frequently Asked Questions

FAQ

ISASecure ICSA (IIoT Component Security Assurance) certifies the security of Industrial IoT components — field devices and gateways — against IEC 62443-4-2 plus the ISASecure IIoT extensions. It evaluates a component through three parallel assurance streams: secure development artifacts (SDA), functional security assessment (FSA), and vulnerability identification testing (VIT), scoped by device type and tier.

Achieve ICSA Certification for Your Component

Partner with Perseus for Industrial IoT component security testing and ISASecure ICSA certification from our accredited Chartered Laboratory.

Request ICSA AssessmentView CSA Certification