Question 1

What is ISASecure SSA certification?

Accepted Answer

ISASecure SSA (System Security Assurance) certifies an integrated industrial automation system against IEC 62443-3-3. Evaluation is performed per security zone and runs three parallel assurance streams: Secure Development Artifacts (SDA), the Functional Security Assessment (FSA) against IEC 62443-3-3, and Vulnerability Identification Testing (VIT). Rather than producing a single system-wide grade, the certificate binds the Security Level (SL) achieved in each zone.

Question 2

What does IEC 62443-3-3 specify?

Accepted Answer

IEC 62443-3-3 defines system security requirements for industrial automation and control systems, organised into seven Foundational Requirements: FR1 Identification and Authentication Control, FR2 Use Control, FR3 System Integrity, FR4 Data Confidentiality, FR5 Restricted Data Flow, FR6 Timely Response to Events, and FR7 Resource Availability. Each requirement is defined across four Security Levels (SL 1 to SL 4). In SSA the requirements are evaluated zone by zone, and a Security Level is determined for each zone independently.

Question 3

How does SSA differ from component-level certifications?

Accepted Answer

Component-level certifications (such as CSA) evaluate an individual product. SSA evaluates a complete integrated system, because a system built from individually sound components can still have gaps arising from integration, configuration, or architecture. SSA addresses this by running its three assurance streams across the system: development artifacts applicable to the system (SDA), the Functional Security Assessment of the seven Foundational Requirements per zone (FSA), and per-component Vulnerability Identification Testing graded by each zone's capability Security Level (VIT). A current SDLA certification under IEC 62443-4-1 is a prerequisite.

Question 4

What is the role of zones and conduits in SSA?

Accepted Answer

Zones and conduits define the structure that SSA evaluation follows. Zones are groupings of components that share common security requirements; conduits are the communication channels between zones and to external endpoints. Planning establishes the zone breakdown — each zone's capability Security Level, the conduits between them, and the components mapped to each zone — and the Functional Security Assessment then evaluates the IEC 62443-3-3 Foundational Requirements zone by zone. The same requirement may achieve a different result in different zones.

Question 5

Why is the Security Level reported per zone?

Accepted Answer

Because a system rarely needs the same protection everywhere, SSA determines and reports the Security Level achieved in each zone rather than a single system-wide grade. The certificate lists the SL per zone, so a deploying asset owner can match their own zone targets directly to the certificate. A zone that falls short of its claimed Security Level can be bound at a lower level rather than failing the entire certificate; refusal generally means a zone failed even the minimum bar or that major nonconformities went unresolved.

Question 6

Who typically seeks SSA certification?

Accepted Answer

SSA certification is primarily pursued by system vendors and solution providers who deliver complete industrial automation systems, including DCS platform providers, SCADA system vendors, packaged automation solution providers, and system integrators delivering turnkey solutions. Asset owners may also use SSA criteria as a basis for procurement specifications or for the security acceptance of deployed systems, matching their zone targets to the certificate's per-zone Security Levels.

Question 7

How long does SSA certification take?

Accepted Answer

Timelines depend on system complexity — the number of zones and components, the capability Security Levels claimed per zone, and the availability of a representative test environment. Systems with more zones and higher claimed Security Levels require more extensive evaluation across all three assurance streams. A current SDLA certification under IEC 62443-4-1 must be in place before SSA evaluation begins. We scope and confirm the schedule during planning, once the zone breakdown is agreed.

System Security Assurance (SSA)

System-Level Security Assessment

Per-Zone Evaluation

Three Assurance Streams

IEC 62443-3-3

SDLA Prerequisite

The Seven Foundational Requirements

FR1 — Identification & Authentication Control

FR2 — Use Control

FR3 — System Integrity

FR4 — Data Confidentiality

FR5 — Restricted Data Flow

FR6 — Timely Response to Events

FR7 — Resource Availability

SSA Certification Process

Planning

Frequently Asked Questions

Certify Your System Security