CYBERSECURITY SERVICES ྪஏҾඇޜခถ
௮ܾྼஓ
କ߸ܠ႑တ
ࡽೕ ࡽዚࠅ
SGS்ڦᇼৠ
Our vision
ඤ൧႑Ljओटظႎ
Enthusiasm, integrity, positive, innovation
ࠓණኤऐࢅĂॠᄓ֪ڦණࠅाࡔSGS
ሞ்ڦॠᄓĂ६ۨĂ֪ࢅ
ණኤޜခଶᇘփ߀Ă૰ኋྜெ
ඇ൰ྺׯణՔڦ்
ࠓခऐޜڦ૰ׂิࢅ૰ፌਏ৪ኛ
๔ዕྺԨཱིतඇ൰ਜ਼ࢽ
ခޜୁᅃࠃ༵
01
02
SGSྪஏҾඇํᄓՓքඇ൰
܈ࡔዐ ᄸाࡔ
ԛĂฉ࡛ॿĂฉ࡛۫Ă࠽ዝĂศᒰĂઑĂԛڪ
ڪೢेĂႎࡔĂெࡔ݆૧ĂںનĂဇӬცĂӎࢁ
SGSྪஏҾඇํᄓ
Cybersecurity laboratory
03 IEC 62443 CBጨዊ
ֱკྪበiecee.org
EN 303 645 CBጨዊ
ֱკྪበiecee.org
IEC 62443 GACጨዊ
ֱკྪበgac.org.sa
EN 303 645ࢅTS 103 701 GACጨዊ
ֱკྪበgac.org.sa
RED 3.3 d/e/fྪஏҾඇNCBጨዊ
ֱკྪበwebgate.ec.europa.eu
SGSྪஏҾඇጨዊ
Cybersecurity accreditation
04
SGSഄඇ൰ጨዊ
Other global accreditations
ࠓණኤऐࢅĂॠᄓ֪ڦණࠅाࡔSGS
PSTI (ᆈࡔׂҾඇᇑۉ႑एإยแ
݆ӄ)ᇀ202111ሆ༵Lj2022
12ሆ6නኟ๕ิၳLjժߴᇎሰฆĂ
੨ฆݴࢅၨฆ12߲ሆڦጚԢ้क़
ᅜۙኝഄฆᄽႜྺăሞᅃڦጚԢ
၌ࢫࡗ)ॽᇀ20244ሆ29නਸ๔
ኟ๕॔࠶(Ljᆈڦࡔၩݯૌ
ྪׂႴᄲፁ݆ӄă॔࠶ऐ
ᅜتິࠅڦᄲ൱࿄ፏܔॽᆶࠓ
ፌߛ1,000ྤᆈԃईඇ൰ڦ
4%ڦ݁Ljᅜतཀፌߛ20,000
ă݁ࡀྵڦᆈԃ
ྷݔׂᆩ
(Ԉઔڍփ၌ᇀᅜူ૩ጱ)ǖ
• ీऐ
ᄙำഗࢅۉ၎ऐĂ• ྪ
• থڦܹཡਏࢅᆊܹ॔ഗ
• থҾඇ၎࠲,ׂ૩සჶ༑
֪ഗࢅோ
• ܠ߲ยԢথڦڟྪएበࢅण
၍ഗ
• ٻحথॳวጕጷഗ
ڦٻحLj૩සփှׂႩྔࢽ •
থGPSยԢ
• থڦॆབྷጲࢅࣅۯয়Ԓဣཥ
• ྪยԢLj૩සဢᅊऐࢅգၒ
• ీॆਃዺ
గၵׂॽԥಇأሞྔLj૩ස;
ۉీ •
• ᅅଐยԢ
(כഛۯۉᆩᇀ(ۅۉ؊ీࢅଈכ •
ᅜူׂփሞᆩݔాྷǖ
• ๕ۉసĂԴऻԨۉస(14ܹཡ
ᅜฉ๑ᆩڦ(ׂĂփీ๑ᆩނ
ྪஏڦೝӱۉస
ۉీĂכഛۯۉ •
• ᅅଐยԢ
PSTI० PSTIᆩׂݔྷ
05 SGS UK PSTI֪ණኤޜခ
UK PSTI test and certification service
PSTIྪஏҾඇᄲ൱
PSTI SECURITY REQUIREMENTS
PSTI ాඹ ֖Քጚ
ஓՂႷǖ
ܾᅃ܀ׂ߲ •
• ᆯᆩࢽۨᅭ
ׂ߲ڦྸᅃஓ্ኹǖ
• एᇀሺଉऺຕഗ
ڥਸ႑တዐࠅٗਸ႑တईࠅएᇀ•
• ᅜतඪࢆᅟᇀ֊֪ݛڦ๕
ஓփԈઔǖڦዐԨ
• ेሃ
• ದܔpinஓ
• APIሃ
ሰฆณ༵ࠃᅃ߲ൣညཪڦർڢLj
Ҿඇڦׂྪ࠲၎ߢටԒࢆሎႹඪ
࿚༶ăժत้ݒઍڟҾඇ࿚༶ਦă
ࠃ༵ᅜᆈ࿔•
ࠃ༵ݯ௨•
• Ⴔᄲ൱༵ࠃ߲ට႑တ
• ሰฆႴᄲᆶඓཪݛڦ๕ܔᆩ
ࠅࢽքፌڦ܌Ҿඇ߸ႎዜ
!ኧڦᅭۨ܌ڥփࢫք႑တ• ݀
ஓᄲ൱
۴࠶ᄲ൱
Ҿඇ߸ႎዜ
EN 303645
• provision 5.1-1
• provision 5.1-2
EN 303645
• provision 5.2-1
ISO/IEC 29147
• paragraph6.2.2
• paragraph6.2.5
• paragraph 6.5
EN 303645
• provision 5.3-13
ၜణ SGSޜခ ਜ਼ࢽ
PSTIՔጚಢჟतණኤޜခ
PSTI EN 303645Քጚಢჟतණኤޜခ
PSTIණኤޜခ
č
ీॆਃยԢ
ཚ႑ఇยԢ
ܠీฝၟཀྵ
č
గኪఁॆۉׂิฆ
గႜᄽଶံཚ႑ఇฆ
గీฝၟऐิׂฆ
č
SGSॺᅱ
SGSޜခᅜतࠀׯӄ૩
୯ޏ݆ࡀዐڦሰฆĂ੨ฆईኁݴၨฆ
ྷݔࡀ݆ᇀຌޏׂڦࠃ༵ࡔሞᆈۨඓ
ැࢇޙᅜฉᄲ൱LjሶႴᄲႜPSTI֪ණኤă
06
ۅጀ࠲
ยԢ๎՚Ăದዃ\\၌࠶Ăຕ
Ă࿚ݡĂথ੨)دࢅئ٪)ࢺԍ
ॲืप
ः௨ཉ
ሰฆփܔᆯ๑ᆩኁҾጎڼڦෙ
ሴॲईኁᆌᆩݛ
07 NIST 8259A/SB-327֪ණኤޜခ
NIST 8259A/SB-327 test and certification
service
NIST 8259A
NISTIR 8259ဣଚԒߢྺሰฆत
்Ljӻዺڞኸࠃ༵ݛෙڼኧഄ
ࠓາĂยऺĂਸ݀Ă֪Ăၨࢅ
ยԢăྪڦాྷݔࢽਜ਼ഄኧ
ഄዐNISTIR 8259Aǖࢃ႐ยԢྪஏ
Ҿඇీ૰ए၍(20205ሆ29න)Lj
ྺྪ(IoT) ยԢሰฆ༵ࠃथႴ
ࢽਜ਼ഄ७Ljᅜኧॅํፌࢅڞኸڦ
ҾඇణՔăڦ
California Bill SB 327
ெࡔेዝሞ2018၎ीཚࡗକᇑᆆ
ຳԍࢺ၎ڦ࠲ଇևႎ݆ࡀǖĖेዝၩ
ݯኁᆆຳ݆ė(CCPA)ࢅĖ႑တᆆຳǖ
ྪยԢė(CA SB 327& CA AB 1906)Lj
ժॽᇀ20201ሆ1නഐਸ๔ํแă
SB-327݆ӄĖ႑တᆆຳǖྪยԢė
ሶܔྪยԢڦ႑တҾඇ༬Ⴀ༵କ
ᄲ൱LjྪยԢڦሰฆᆌྺยԢ
ದഄᆩׂݔڦ֖ྷEN 303
645ࢅNISTIR 8259Aڦׂݔྷă
NIST 8259A
ሞNISTIR 8259AዐLjᆩݔྷԈઔ
փ၌ᇀǖڍ
ׂۉॆ/ਃ• ీॆ
• ၩݯૌీऐഗට
ยԢٻحీ •
ׂૌࣱ •
• ྪஏยԢᇑၩݯૌۉጱ
• ׂ॔੦ૌยԢĂཚۙૐ
ยԢ
• ഄྪׂ
California Bill SB 327
ेዝڦྪยԢҾඇ݆ሀຐڦ߳
ૌথईक़থথࢻڟྪڦยԢLj
ยԢăྪڦںईઢცںनᆶIP
ኄૌยԢڦӄ૩ᆶǖ
• ྪీਏࢅᆊܹ॔ࢺഗ
ׂݞҾ• ྪ
(ჶԒয়ഗĂோڪ(
• ీฝၟཀྵĂీۉĂీᅼၒ
ྪጕጷᅏॳٻح •
• ॆབྷጲࣅۯยԢࢅԒয়ยԢ
ۉॆీྪ •
(ڪգၒĂဢᅊऐ (ీ
• ీॆਃዺ
ࢇሰฆᆌ๑ยԢਏԢยԢࢻ
༬ీࠀڦҾඇ༬ኙLj๑ኮᇑยԢڦ
Ⴀ၎ದǗࢅยԢणLjئ٪ईኁ
ԈࢅยԢࢺݞದǗ႑တ၎ڦد
Ăൔڦ࿄ڟࣷ႑တփڦࡤ
࣋Ă๑ᆩĂႪ߀ईႅă
සࡕยԢਏᆶਆᇘྪྔڦวݻᄓኤ
ݛ๕LjఫᅃยԢᇨஓᆌ
ړྸᅃڦLjईኁਏԢᅃዖҾඇ
༬Ⴀᄲ൱ᆩࢽሞڼᅃْکമీׂ
ิᅃዖႎ६ۨݛ๕ă
ெࡔྪยԢڦ႑တҾඇᄲ൱ ᆩׂݔ ྷSB-327ڦዷᄲాඹ
ยԢՔ๎
ྪยԢᅜሞஇडࢅฉ
ႜྸᅃՔ๎ă
NIST 8259AڦྪஏҾඇᄲ൱
SGSޜခ
ยԢದዃ
ྪยԢॲڦದዃᅜ߸߀Lj
ժُૌ߸߀ኻీᆯํ༹ኴႜă
ຕԍࢺ
دࢅئ٪ഄࢺᅜԍยԢྪ
ă߀Ⴊࢅ࿚ݡڦ௨ሦ࿄ঢ়ຕڦ
࿚ݡஇडڦথ੨ܔ
ยԢᅜॽܔԨഄࢅںྪஏথ੨ᅜ
तኄၵথ੨๑ᆩڦၹᅱޜࢅခڦஇ
डݡ࿚၌ྺৈํ༹ă
ॲ߸ႎ
ྪยԢڦॲኻీᆯํ༹
๑ᆩҾඇದዃڦऐႜ߸ႎă
ྪஏҾඇጒༀᅪ๎
ྪยԢᅜԒߢྪഄஏҾඇጒ
ݡ༹ํࠃ႑တৈༀLjժ๑
࿚ă
֪႙ࢇްࡀ݆ڦ࠲ԛெ၎ࠃ༵SGS•
ᄓኤޜခLjᅜत۴௮Ăา
ཪ֪ܠڪዖྪஏҾඇ֪ăᅃ
ॏڦگ߸ݯࢾᅜඟခޜበ๕
ඹLjాࠚೠڦܠీׯྜLj߭
ํ၄ၳᅮፌࣅۇٴዺ૰ਜ਼ࢽইޅگ
၃Ljፁׇ݆ࡀă
• SGSܠຕྔࡔசॆණڦํᄓLj
֖ᇑࡔྔசॆ/ଭฆڦprotocol
ഐ֥ెۨ߾ፕLj༵ࠃᅃበ๕ޜခLj
ፁࡔྔசॆᄲ൱ă
ׂڦࢫ࿋ၹዺණኤݛඇࣷSGSॽ•
ཞਉӸӰኤᅏ๕LjၹࠌăدჇ
ዺಆฝჇدೕLjጉႀჇد࿔Lj
ժࢇ༹ႜཞօჇدLjᅃ
Ⴀăྰࢅ૰ᆖၚڦׂۇٴօક
SGSॺᅱ
ሰฆᆌǖ
୯ׂڦิంዜڦ႑တҾඇLjৃཀுᆶ࿚༶Ljփپཀ৽ுᆶޅ၃Ljڦׂሞၩݯኁฉ๑ᆩܠ৳Ǜ
ॽྪஏҾඇᄲ൱ڦ๎՚ࢅํแྺׂਸ݀ࢅิంዜኧୁڦײᅃ߲ፇׯևݴ
๎՚ణՔਜ਼ࢅࢽ்ڦ๑ᆩ࣍ৣLjჺ৯்ܔ႑တҾඇڦႴ൱ࢅᇨLj֑ൽՂᄲٯڦแᅜतࢅၩݯኁڦ
๕ݛཚࠏ
08
౹ዞۉ႑Քጚࣅၹࣷ(ETSI*ྪஏҾඇरຍ྿ᇵࣷᇀ20206ሆ݀քEN 303 645
Cybersecurity for Consumer Internet of Things: Baseline Requirementsă
ยԢĂཚڦׂྪૌݯၩܔၾLjྰஏҾඇྪڦዘᄲࢅ९ߵՔጚ
ڦׂߛ༵Ljॺ૬ഐҾඇए၍Ljۨࡀକ13ཉҾඇႠ༵Ҿඇටຕ߲ࢅ႑
ྪஏҾඇీ૰ă
ೠࠚဦሶ
ETSI TS 103 701 (Assessment Methodology for Consumer IoT Devices)
ኸڞဦሶ
ETSI TR 103 621 (Guide to Cyber Security for Consumer Internet of Things)
SGS EN 303 645֪ණኤޜခ
EN 303 645 test and certification service
ᆩׂݔ)ྷԈઔڍփ၌ᇀᅜူ૩
ጱ)ǖ
• ྪܹཡਏࢅܹཡ॔ഗ
• ྪҾݞׂLjԲසჶԒয়ഗࢅ
ோ
• ྪྪ࠲Ăएበܠࢅ߲ยԢথ
౨ڦ
• ీฝၟཀྵĂీۉĂీᅼၒ
• ྪॆབྷጲࣅۯยԢࢅԒয়ยԢ
ऐں ,ഗࣅഘ৫(ۉॆీྪ •
ഗටڪ(Ăీॆਃዺ
ጕጷᅏॳٻح •
EN 303645० ᆩׂݔྷ
09
EN 303 645ࢇޙႠೠࠚၜణୁײ
SGSీࠕӻዺ
ӻዺഓᄽࡀՆޅ၃
࿄ႜྪஏҾඇೠڦࠚ٪ׂሞሦ
ڟྪஏ߿ऍĂႅഓᄽᇑᆩࢽຕĂ
ࣷ၃Ljฯޅڦ๑ᆩኟׂ݆
௬ଣܮߛ݁ă
ᄲ൱ࡀࢇ
ڦࡔ߳ඇ൰ྺׯஏҾඇኟደօྪ
ׇጚഽᄲ൱Ljႜೠࠚᇑණኤ
ᅜԍኤׂࡀࢇڦႠLjඓԍׂຩ
૧ጂׇ࡛ྔă
دჇׇ
ၩݯኁܔྪஏҾඇ߸ेዘLjڍ
ׇฉႜҾඇೠڦࠚഓᄽডณă
ႜҾඇೠࠚీࠕӻዺׂሞཞૌ႙
ׂዐྃᆗܸă
ၜణ૬ၜ ጨଙགႀᇑอࢃ ԒߢՊႀत
ߢኤກԒ݀ധ ࠚᄓኤೠ ࢃอࡕࠚೠ
༵ࠃׂຫກ
ᇑ࿚ਝೠࠚၜణ
ഔۯҾಇศ܈Ք
ጚಢჟඓۨၜణ
ྷݔ֪ࢅဦব
ၹዺਜ਼ࢽགႀׂ
रຍጨଙ(DUT,
ICS, IXIT)อࢃҾ
ඇํ၄௮ຎޏ
ీፁՔጚᄲ൱
Ljरຍኧࠃ༵
ጨׯྜࢽӻዺਜ਼
ଙጚԢ
ࠚႜೠׂܔ
ᇑ֪Ljඓණ
ፁՔጚᄲ൱ޏ
ࠃ༵߀ኝྺׂ
रຍኧཞօ߸
ႎरຍጨଙ!
ඓණׂत࿔ڗ
ፁᄲ൱ࢫLjՊ
ႀԒߢतኝ၎
༵ڗĂ࿔ࡕ࠲
ׂतࡕ֪
रຍ࿔ڪڗՂ
ᄲጨଙڟ SGSर
ຍ྿ᇵࣷอֱ
ധ݀ኤກĂԒߢ
Ӱ݀SGS MarkՔ
๎ದࢇਜ਼ࢽႜ
Ԉઔࠅዚࡽ࿔ቤĂ
ႎ࿕ߡĂӰኤᅏ
ۯऄدჇڪ๕
ၜణ SGSޜခ ਜ਼ࢽ
EN 303645ՔጚಢჟIXIT࿔ॲགႀኸڞLj
तණኤޜခ
EN 303645ՔጚಢჟIXIT࿔ॲགႀኸڞLj
तණኤޜခ
ՔጚಢჟĂ႑တҾඇႴ൱ᇑ߁Ă
IXIT࿔ॲགႀኸڞLjतණኤޜခ
EN 303645ՔጚಢჟIXIT࿔ॲགႀኸڞLj
तණኤޜခ
č
WIFIཚ႑ఇ
ీဢںऐ
࠲ྪీᆩॆ
ॆᆩྪฝၟཀྵ
č
గኪఁཚ႑ఇฆ
గႜᄽଶံీॆਃሰฆ
గႜᄽଶံీॆਃሰฆ
గႜᄽଶံీॆਃሰฆ
č
SGSࠀׯӄ૩
10
REDྪஏҾඇ֪ණኤޜခ
RED cybersecurity test and certification
service
ႜጲྪࢻࡗཚࠕీࢆᆩᇀඪ
ཚ႑ڦ၍ۉยԢLjஃ
ྪࢻ”)ยԢഄࡗཚ࣏থཚ႑
থڦ၍ۉยԢ”)ă
• ऐĂೝӱۉస
࠲ྪࢅFiୟᆯഗ-Wi•
• ྪۙĂգၒࢅॆഄᆩۉഗ
5GยԢ/4G/3Gࢅ࢈ۉ/ۉీ •
• ᆶਏᆶWi-Fiཚ႑ࠀీڦยԢ
• כሜྪፇॲ
• ీᇸဣཥዐۉڦᇸገ࣑ഗ
ᆩᇀت߲ටຕĂཚ႑ຕई
থۨ࿋ຕڦ၍ۉยԢLjनࢻ
ྪথڦ၍ۉยԢĂܹཡࢺ
၍ۉยԢĂਏ၍ۉยԢࢅ
ยԢăۉ၍ٻح
• ԈઔTWSሞాڦઢცথऐĂ
ܺऐईBoombox
ยԢۯᅎഄࢅీ •
• ీߌدഗĂഘ৫ࣅഗĂဌפഗ
• ᆊܹ॔ഗࢅ3G/4G/5GยԢ
• כሜྪፇॲ
• GPS߶ጷยԢ
ᆩᇀඪࢻࢆྪথڦ၍ۉย
ీࢽᆶටईᆩยԢ๑ࡕԢLjස
ࠕႜূബĂऋԼॏኵईႵెऋԼ
ገᅎăڦ
• POSऐĂATMऐ
• ኧඪࢆૌ႙ገቭڦยԢ
EN 18031-1 EN 18031-2 EN 18031-3
RED (Radio Equipment Directive)Ljन၍ۉतཚრዕ܋ኸସLj၍ૌׂڦCEڦණኤኸସă၍ׂీࢇࠕ݆
ںሞ౹ࡔॆၨኮമLjՂႷߵREDኸସኴႜ֪ൽڥණLjཞ้ᄺՂႷᆛᆶCE-markă20221ሆ12නLj౹ዞ
྿ᇵࣷኟ๕݀քକ(EU) 2022/30݆ӄLjࡀۨ၎࠲ׂሰฆሞยऺࢅׂิዐՂႷ୯ڟREDኸସڦෙۅྪஏҾඇᄲ
൱Lj20258ሆኟ๕ิၳLjፕྺREDණኤڦᅃևݴഽኴႜăྺُLj౹ᇀ20248ሆ݀քକEN18031ဣଚՔጚLj
ᆩᇀೠࠚREDྪஏҾඇᄲ൱ă
EN 18031ဣଚණኤ
11
සࢆಒስEN 18031ڦనၵՔጚႜೠࠚ?
ײୁၜణࠚӄतೠݛSGS
ၜణ૬ၜ ጨଙགႀᇑอࢃ ԒߢՊႀत
ࢃอࡕࠚೠ
ᄓኤೠࠚ ധ݀ኤກԒߢ
ࢽਜ਼ࢅׂࠃ༵ •
օጧკ؛ڦ
• ೠࠚၜణޏഔ
ۯ
• Ҿಇጨዊೠࠚ၎
ಢჟ࠲
• ඓۨၜణ܈त
॰ୟ০࠲
• ၹዺਜ਼ࢽགႀׂ
रຍጨଙ
ݔࡀඓԍҾඇ•
ፁ߳ၜՔጚᄲ൱
• णĂኝժၹ
ฤ൩ׯྜࢽዺਜ਼
ࠚႜೠׂܔ •
ᇑ֪Ljඓණ
ፁᄲ൱ޏ
ࠃ༵႙• ྺׂۨ
रຍጨଙ
Ԓࠚօೠ؛ਏ •
ߢ
• ඓණׂत࿔ڗ
ፁޏڇൣ
ᄲ൱ࢫLjՊႀ
Ԓߢतኝ၎
ॲ࠲
• ༵ጨଙڟSGS
ࢃอࣷरຍ྿ᇵ
• ധ݀ኤກĂԒߢ
• Ӱ݀SGS MarkՔ
๎
• ದࢇਜ਼ࢽႜჇ
دतߢࠅ݀ք(ස
ĂߡቛĂႎ࿕ࣷ
ჇڪӰኤᅏ๕
(ۯऄد
ྺ๊ስSGS?
• ሞுᆶၹۙՔጚമLjሰฆՂႷཚߢࠅࡗऐࠓ)NB)ڦೠࠚઠኤഄׂࢇޙڦႠLjSGSᅙᆛᆶREDኸସڼ3(3)ཉ
ڦ)d)Ă(e)Ă(f)ڦඇ௬NBጨዊLjྺሰฆ༵ࠃೠࠚ݀ኤLjራٱਸ݆ࡀഽׂणዐ֪ރߛڦă
• ၎ডᇀدཥՔጚLjEN 18031Ⴔᄲሰฆᆶ߸ߛ֖ᇑ܈LjժܔྪஏҾඇڦᄲ൱߁ࢅᆶଆڦࡻࢅᆌᆩǗᅺُLj
SGSᄺ༵ࠃጆᄽڦྪஏҾඇरຍࢅ܁ಢჟޜခLj༵ืሰฆሞྪஏҾඇଶᇘڦยऺࢅᄓኤీ૰Ljྺׂຩ૧ཚ
ăإएူॕํوٴREDණኤࡗ
ਸ๔
ः௨ཉ૩ࢇޙޏ
ت߲ටຕ/ཚ႑ຕ
ยԢڦ
RED3(3)d, e,fᆩ
RED3(3)d, e,fփᆩ
EN 18031 Part 1 EN 18031 Part 2 EN 18031 Part 3
ࢻྪথڦ၍ยԢ ภतূബ/ऋԼ/ႵెऋԼ
ገᅎڦยԢ
12
ኤກቛ๖ᅜतSGS CYBERSECURITY MARKถ
ଷྔLj ᅜฤ൩SGS Cybersecurity MarkՔኾLjُՔኾᅜൣညںׇၠ
ቛ๖ഓᄽሞྪஏҾඇݛ௬ڦ૰ీࢅ౷ăසူǖ
ཚࡗቛ๖SGS Cybersecurity MarkLjᅜሺഽਜ਼ࢇࢅࢽፕअӵܔഓᄽׂҾ
ඇႠڦ႑ඪLjᆶዺᇀ༵ߛಈำᇤăُྔSGS Cybersecurity Mark༵ࠃփཞ
ڦҾඇप՚(૩ස Standard AĂBĂCĂD)LjഓᄽᅜߵጲวׂڦҾඇႴ
൱ࢅׇۨ࿋ስࢇڦҾඇप՚ණኤLjፁܠᄣڦࣅׇႴ൱ă
RED 3.3 d/e/f NBኤກ
13
IEC 62443֪ණኤޜခ
IEC 62443 series test and certification
service
14
ຎ߁
IEC 62443-4-1ࡀۨକ߾ᄽጲࢅࣅۯ
੦ဣཥዐ๑ᆩڦׂҾඇਸ݀ڦ
ײࡗᄲ൱LjۨᅭକᇑྪஏҾඇ၎࠲
ڦҾඇਸ݀ิంዜ(SDL)ᄲ൱Lj
ժ༵ࠃକසࢆፁ߲ᄲ໎௮ຎ
ᄲ൱ڦኸళăิంዜ௮ຎԈઔҾඇ
Ⴔ൱ۨᅭĂҾඇยऺĂҾඇํแ(Ԉ
ઔՊஓኸళ)ĂᄓኤࢅඓණĂඍ။࠶
Ăցۡ࠶ࢅิׂంዜຐă
IEC 62443-2-4ՔጚྺणׯईྼࢺIACS
၎ڦ࠲ᆶૌ႙ޜڦခ༵ࠃฆၘဦ
ࡀۨକᅃ༫ඇ௬ڦҾඇీ૰ᄲ൱ă
ᆯᇀ ኄၵᄲ൱ܠۇٴᇑଶᇘ၎࠲Lj
Քጚ༵ࠃକ“ದዃ࿔ॲ”ڦਸ݀Lj
ᆩᇀਦ༬ۨ࣍ৣ܀ڦ༬༬ኙă
MATURITY LEVEL 1
INITIALǖᆶీ૰ሞுᆶऻୁײLj
ခǗޜࠃ༵ူ൧ڦ੦փፁײࡗ
ፕຫ߾ཞĂࢇĂײୁݔࡀ/ுᆶኟ๕
ກڪă
MATURITY LEVEL 2
MANAGEDǖᆶీ૰Ӏቷኟ๕ऻ
ခLjժᆶጆᄽኪޜࠃ༵ײୁ༬ኙڦ
๎ࢅჟଁᆶ໎ڦටᇵྺኤǗኟ๕/ࡀ
࿔ॲLjײୁǗກ௬ײୁڦްዘĂݔ
ಢჟጨଙڪă
MATURITY LEVEL 3
DEFINED/PRACTICEDǖਏԢኴႜ
ML2पڦ૰ీLjԈઔํ७ڦײࡗ
ڇൣֱࢃڦׯྜǗᅙঢ়ኤ
MATURITY LEVEL 4
IMPROVINGǖᆶీ૰ڟٳML3प
ీڦ߀ჄᆛᆶLjԈઔኤೝ
૰Ǘీࠕएᇀၜణঢ়ᄓLj߀၄ᆶ
Ⴞăײ۩ǗႪײୁ
IEC 62443-2-4/-4-1ණኤ IEC 62443-2-4/4-1ׯຄ܈०
ໜጣຕጴࣅ้ڦپ݀ቛLj߾ᄽ੦ဣཥڦྪஏҾඇ࿚༶නᅮLjഓᄽ௬ଣമ࿄ᆶڦăሞኄ৪ኛघଜڦׇ
ዐLjසࢆඓԍᄽခࢅਜ਼ࢽຕڦॆඇׯྺ࠲॰ඪခăׇܔIEC 62443ණኤڦႴ൱ደօሺेLjኄᅃණኤփৈኤକ
ഓᄽሞྪஏҾඇଶᇘڦ૰ీLj߸ቛ๖ጆᄽೝࡀࢇࢅႠڦᆶၳ০ă
ྺ๊ስIEC 62443ဣଚޜခ?
IEC 62443-4-1ዐᄲ൱ٗܠྼܔ܈ׂ”
܈ຄׯႜ”ײୁ݀႑တҾඇਸ
ೠࠚă
• Ҿඇ࠶ Security management
ݔࡀҾඇᄲ൱•
Specification of security
requirements
• ยऺҾඇ Security by design
• Ҿඇํแ
Secure implementation
• Ҿඇᄓኤ֪
Security verification and
validation testing
࠶༶࿚࠲Ҿඇ၎•
Management of security-related
issues
• Ҿඇืप
Security update qualification
• Ҿඇጚ֪ Security guidelines
IEC 62443-2-4ዐऻକIACSޜခ༵ࠃฆሞጲࣅۯਦݛӄڦणࢅׯྼࢺऄ
ۯዐLjၠጨׂᆶኁ༵ڦࠃᅃ༫ඇ௬ڦҾඇీ૰ᄲ൱ă
IEC 62443-4-1ాඹ० ༵ࠃକၜएԨᄲ൱(FR)၎ڦ࠲ၘ
ဦरຍ੦ဣཥፇॲᄲ൱LjԈઔۨ
ᅭ੦ဣཥీ૰Ҿඇप՚तഄፇॲ
ڦᄲ൱ăၜएԨᄲ൱(FR)ǖ
• ๎՚ࢅණኤ੦(IAC)
• ๑ᆩ੦(UC)
• ဣཥྜኝႠ(SI)
• ຕऐႠ(DC)
• ၌ຕୁ(RDF)
• ܔ๚ॲڦत้ၚᆌ(TRE)
• ጨᇸᆩႠ(RA)
ฉຎၜFRۨᅭ੦ဣཥҾඇీ
૰प՚ڦएإă
IEC 62443-3-3/-4-2एԨҾඇႴ൱ ߾੦ဣཥፇॲҾඇڪपᄲ൱
VALUE SP REQ.ID DESCRIPTION
SP.01.XX
SP.02.XX
SP.03.XX
SP.04.XX
SIS SP.05.XX
SP.06.XX
SP.07.XX
SP.08.XX
SP.09.XX
SP.10.XX
SP.11.XX
SP.12.XX
ޜခ༵ࠃฆྺጲࣅۯਦݛӄ၎࠲ऄۯኸ
ಋටᇵڦ၎࠲ᄲ൱
ᇑ༵ࠃጲࣅۯਦݛӄҾඇ֧ኴႜ႑႐
ࠓᄲ൱ॐڦ࠲၎
ᇑጲࣅۯਦݛӄยऺ၎ڦ࠲ᄲ൱
ᇑሞጲࣅۯਦݛӄዐ๑ᆩ၍၎ڦ࠲ᄲ൱
ॽSISणڟׯጲࣅۯਦݛӄዐڦ၎࠲ᄲ൱
ᇑጲࣅۯਦݛӄದዃ੦၎ڦ࠲ᄲ൱
ᇑᇺݡײ࿚ጲࣅۯਦݛӄ၎ڦ࠲ᄲ൱
ᇑጲࣅۯਦݛӄዐ๚ॲت၎ڦ࠲ᄲ൱
ڦ࠲၎࠶ࢽቭࢽӄዐᇑᆩݛਦࣅۯጲ
ᄲ൱
ᆶ࠲ሞጲࣅۯਦݛӄዐ๑ᆩݒܱᅪॲ
ᄲ൱ڦ
ᇑ಼ጚࢅҾጎॲցۡڦҾඇݛ௬ᆶڦ࠲
ᄲ൱
ᆶ࠲Ԣ࣬ࢅݻްҾඇݛ௬ڦᄲ൱
ਦݛӄ
ටᇵದዃ
ԍኤ
ࠓॐ
၍
SIS
࠶ದዃ
࿚ݡײᇺ
࠶๚ॲ
࠶ࢽቭ
ܱᅪॲ
ࢺԍ
࠶ۡց
ᇱ࣏/ݻԢ
SECURITY LEVEL 1
ă࡞ൔڦࢇईേ౾ኹݞ
SECURITY LEVEL 2
ۯگࢅీณጨᇸĂཚᆩरࡗኹཚݞ
ă࣋ᅪ೦ࠤڇ०ڦऐ
SECURITY LEVEL 3
ݞኹཚࡗᅃӯጨᇸĂIACS༬रీ
ă࣋ᅪ೦ࠤሗްڦऐۯᅃӯࢅ
SECURITY LEVEL 4
ݞኹཚࡗકቛጨᇸĂIACS༬रీ
ă࣋ᅪ೦ࠤሗްڦऐۯߛࢅ
15
IEC 62443-3-3Ҿඇڪप
CLAUSE REQUIREMENT
SR 1.1
SR 1.1 RE (1)
SR 1.1 RE (2)
SR 1.1 RE (3)
The control system shall provide the capabillity to identify and authenticate all human
users. This capability shall enforce such identification and authentication on all interfaces
which provide human user access to the control system to support segregation of
duties and least privilege in accordance with applicable security policies and procedures.
The control system shall provide the capability to uniquely identify and authenticate all
human users.
The control system shall provide the capability to employ multifactor authentication for
all human user access to the control system.
The control system shall provide the capability to employ multifactor authentication for
human user access to the control system via an untrusted network (see 5.15, SR 1.13
- Access via untruated networks).
IEC 62443-4-2Ҿඇڪप
CLAUSE REQUIREMENT
CCSC 4
CR 1.1
CR 1.1 RE (1)
CR 1.1 RE (2)
All of the components defined in this document shall be developed and supported
following the secure product development processes described in IEC 62443-4-1.
Components shall provide the capability to identify and authenticate all human users.
Components shall provide the capability to uniquely identify and authenticate all human users.
Components shall provide the capability to employ multifactor authentication for all
human users access to the component.
ၜణ SGSޜခ ਜ਼ࢽ
Ҿඇਸ༹݀ဣIEC 63443-4-1ණኤ
IEC 62443-4-2ණኤ
IEC 62443-4-2 Քጚಢჟᅜतඇୁײණኤޜခ
ՔጚಢჟĂ႑တҾඇႴ൱ᇑ߁Ă႑တ
ҾඇဣཥٲॺIEC 62443-3-3ණኤ
IEC 62443-3-3ණኤ
IEC 62443-2-4ಢჟ
…
߾ᄽྪยԢ
ऐ࣑ᄽ߾
ڢࡆཚ੦ဣཥ
ྪ႑တ֑ण੦ဣཥ
ಢჟײୁ࠶Ҿඇ
č
గ߾ᄽཚ႑ׂतྪਦ
๕ࠅӄݛ
గኪఁ߾ᄽᅜྪ࣑ऐഓᄽ
ڦဣཥଶᇘࡽ႑ڦཚڢࡆగ
ံႜഓᄽ
గኪఁظႎ႙ྪरࠅິ
గྪݛӄᆅଶኁĂޜခ༵ࠃฆ
č
SGSࠀׯӄ૩
16
SGS IEC 62443ݛӄ
1
2
3
4
5
6
7
ጧკࢅՔጚಢჟ
• ඓۨਜ਼ࢽႴ൱
ࣄऺࠚӄĂೠݛۨခĂޜถණኤ•
• ၜణഔۯLjSGSܔഓᄽ၎࠲ၜణටᇵႜ
Քጚಢჟ
ࠚ࿔ॲೠ
ࢽਜ਼ܔᄲ൱࠶Քጚᄲ൱LjဣཥҾඇߵ •
࿔ॲႜೠࠚ
߀ኝࢽਜ਼
• ਜ਼ߵࢽֶਐݴဆԒܔߢၜణ࿔ॲĂरຍ
ጨଙڪႜႪኟ
ࢽዺਜ਼ޤཚॺᅱLjࠏरຍࠃ༵ࢽਜ਼ྺSGS•
ፕ߾߀ኝׯྜ
ްֱᇑ֪
• SGSरอሞਜ਼ࢽํᄓत߾၄ׇႜ
FATLjํ၄၄ׇ࿔ॲࢅဣཥڦፌዕ
ॠֱᇑ֪
ֶਐݴဆ
ණኤᄲቴࢽLjӻዺਜ਼ࡕࠚೠอೠߵ •
൱ֶਐ
ߢဆԒݴਐֶ •
ࠚೠް
• ܔኝڦࢫ߀࿔ॲĂҾඇ੦ٯแႜް
ࠚೠ
• ඓԍ߳ၜᄲ൱ፁՔጚࢅණኤऺࣄᄲ൱Lj
ᆶ࿚༶࠲Կ
Ԓߢतኤກ
LjSGSڪऻጨଙLjၜణڗ࿔ڦ༵ߵ •
ኤກࢅߢԒࠚਏೠ
17
SGSڦೠࠚጆॆদཚࡗISA IEC 62443
ဣଚՔጚڦጆॆණኤऺࣄಢჟLj
ᆶCISP/CISSP/OSCPࡔڪྔాණ
ڦྪஏҾඇጆᄽኤກLjጆᄽీ૰ᆛ
ᆶԍቱă
ྷݔጨዊڦԢྜ
SGSසူՔጚڦCBTLǖ
• IEC 62443-2-4
• IEC 62443-3-3
• IEC 62443-4-1
• IEC 62443-4-2
ඇ૰ၹዺჇد
ăدჇׂڦࢫၹዺණኤࣷSGSॽ
ೕLjدჇཞਉӸӰኤᅏ๕Ljಆฝࠌ
ጉႀჇد࿔Ljժࢇ༹ཞօჇ
ࢅ૰ᆖၚڦׂۇٴᅃօકLjد
ྰႠă
ኤກᇑԒߢቛ๖
IEC 62443ೠࠚԒߢᅜतIEC 62443 CBኤກǖ
ܓྲཱྀरຍڦጆᄽ
18
IEC 62443֪ණኤޜခ
IEC 62443 series test and certification
service
SGSۉጱۉഘڼෙݛॠ֪ํᄓፕྺଶံڦIEC 62443ණኤޜခ༵ࠃฆLjժፕྺዐۇٴࡔڼᅃॆൽڥIEC 62443 3-3
ጨዊڼڦෙݛॠ֪ํᄓLj்ڦጆᄽཷܓॽၹዺഓᄽํ၄ණኤణՔă༵ࠃඇݛ࿋ޜڦခLjԈઔՔጚಢჟޜခLjֶ
ਐݴဆᅜतೠޜࠚခăӻዺഓᄽࢇޙڟٳIEC 62443၎߾ڦ࠲ᄽྪஏҾඇՔጚLjൽڥIEC 62443 CBණኤăSGSڦ၎
փܔ႐ᆌݣࠕీࢽҾඇႠLj๑ਜ਼ڦ႑တरຍࢅဣཥᄽ੦߾ҾඇԍቱLjඓԍڦ੍ࠃ༵ࢽਜ਼ྺခॽޜጆᄽࢅጨዊ࠲
ሺڦྪஏॆඇă
ྺ๊ስSGS IEC 62443ဣଚޜခ?
12/24/Cybersecurity services_V2 © SGS Société Générale de Surveillance SA. (2024)
www.sgs.com
www.sgsonline.com.cn
ဣ் CONTACT US
ฉ࡛ Shanghai
T : +86 (0)21 6191 5670
ee.shanghai@sgs.com
࠽ዝ Guangzhou
T : +86 (0)20 8215 5411
ee.guangzhou@sgs.com
ศᒰ Shenzhen
T : +86 (0)755 2654 4661
ee.shenzhen@sgs.com
ዘ൪ Chongqing
T : +86 (0)23 8553 8555
ee.chongqing@sgs.com




