Rockwell Automation Obtains Highest Level Product Security IEC Security Certification

June 22, 2023

Rockwell Automation, Inc., one of the world’s largest companies dedicated to industrial automation and digital transformation, has announced it has been recognized for achieving Maturity Level 4 of the globally recognized The International Electrotechnical Commission (IEC)  62443-4-1 industrial cybersecurity certification, the highest level. Certification of the Rockwell Automation SDL was performed independently by TÜV Rheinland.

This certification by the IEC, a global, not-for-profit membership organization that assesses the needs for standards across various industrial applications, demonstrates Rockwell’s continued commitment to security. It represents the strong practices and protocols in place globally to bring secure solutions to our customers. Maturity Level 4 recognizes the highly mature and ubiquitously deployed cybersecurity practices used around the world. In general, the IEC 62443-4-1 standard defines a secure development lifecycle (SDL) for the purpose of developing and maintaining products that are secure by design, used in industrial automation and control systems. Along with other cybersecurity achievements in recent years, Rockwell Automation stands out as a global leader in this area.

“Cybersecurity continues to be top of mind for customers around the world. The IEC 62443 series of standards and certifications allow for customers to make more informed decisions when sourcing, designing, and building their industrial automation and information solutions,” said Tony Baker, vice president and chief product security officer, Rockwell Automation. “These standards provide customers with confidence that the technologies were designed with security in mind, provide the appropriate security controls to secure their application, and that Rockwell Automation will provide on-going security support throughout the products useful life.”

Tony Baker, vice president and chief product security officer, Rockwell Automation

Rockwell Automation has achieved numerous milestones in recent years in cybersecurity including:

• Introduction of the world’s first programmable automation controller to be certified compliant with the IEC 62443-4-2 security standard by TÜV Rheinland.
• Introduction of ODVA CIP Security capable systems for the plant floor.
• Become a founding member of the ISA Global Cybersecurity Alliance.
• Achieve IEC 62443-3-3 Process Certification by TÜV Rheinland.
• Achieve ISO 27001 Certification for remote support through the Standards Institute of Israel.
• Provide comprehensive cybersecurity services. 

In February 2023, Rockwell Automation was notified that it passed our external audit by TÜV Rheinland. Rockwell product security is now certified to Maturity Level 4 for IEC-62443-4-1 globally. IEC 62443-4-1 defines secure development lifecycle (SDL) cybersecurity requirements for industrial automation, control systems, IIoT, building management, and medical device products. These requirements can be applied to new or existing processes for developing, maintaining, and retiring hardware, software or firmware.

IEC62443 is also based on CMMI with five levels of increasing maturity (summarized in Fig. 1). Maturity Level 4 demonstrates that Rockwell has a highly mature and ubiquitously deployed cybersecurity practice for industrial automation and control systems products.

Source

Related Story

Rockwell Automation Named One of the World’s Most Ethical Companies for The 12th Time

Rockwell Automation has been recognized as one of the 2020 World’s Most Ethical Companies by Ethisphere, a renowned voice in defining and advancing the standards of ethical business practices. The recognition honors companies that exemplify purpose-based strategy and are committed to making positive changes throughout their international communities.