
Navigating the 2024 Updates to ISA/IEC 62443 

Industrial Automation and Control Systems (IACS) form the backbone of many critical infrastructure sectors, from energy and water utilities to manufacturing and transportation. Threat actors now routinely target IACS to disrupt operations, extort money, or exfiltrate sensitive data. 

To meet this evolving threat landscape, the ISA/IEC 62443 series of standards offers a globally recognized framework for securing industrial control environments. In 2024, the series underwent significant updates to align with current risk-management practice, improve clarity, and encourage global adoption.

This article provides a comprehensive overview of these updates and offers recommendations for compliance and next steps.  

 

Overview of ISA/IEC 62443 

ISA/IEC 62443 is a suite of standards developed by the International Society of Automation (ISA) in cooperation with the International Electrotechnical Commission (IEC). It is intended to help asset owners, system integrators, and product suppliers secure IACS throughout their lifecycle. 

 

Structure of the ISA/IEC 62443 Standards 

The standards are divided into four major categories: 

General (62443-1-x): 

  • Provides foundational elements such as terminology, reference models, and concepts used throughout the series. 
  • Introduces the concept of zones and conduits: a zone is a logical grouping of assets that share the same security requirements, and a conduit is the communication path between zones where controls such as firewalls and data diodes are applied.

Policies and Procedures (62443-2-x): 

  • Focuses on organizational-level practices and management systems to support cybersecurity efforts. 
  • Addresses cybersecurity program development, risk assessments, personnel training, and patch management. 

System (62443-3-x): 

  • Defines the technical security requirements for the design, integration, and operation of secure control systems (62443-3-2 covers zone and conduit risk assessment; 62443-3-3 lists the system security requirements). 
  • Introduces Security Levels (SLs). SL0 means no specific requirement; SL1 to SL4 are defined by the capability of the adversary the system is meant to resist: 

  • SL1: Protection against casual or coincidental violations. 
  • SL2: Protection against intentional violations using simple means with low resources, generic skills, and low motivation. 
  • SL3: Protection against intentional violations using sophisticated means with moderate resources, IACS-specific skills, and moderate motivation. 
  • SL4: Protection against intentional violations using sophisticated means with extended resources, IACS-specific skills, and high motivation (the level usually associated with state-sponsored actors). 

  • In practice an SL is not a single number for a system. It is assessed separately for each of the seven foundational requirements (identification and authentication control, use control, system integrity, data confidentiality, restricted data flow, timely response to events, and resource availability), and the standard distinguishes the target level set for a zone (SL-T), the capability a product or system can deliver (SL-C), and the level actually achieved in the deployed system (SL-A). 

Component (62443-4-x): 

  • Specifies technical security requirements and secure development lifecycle practices for IACS components (e.g., PLCs, HMIs, sensors). 
  • Provides guidance for component suppliers on secure design, threat modeling, and code analysis. 

ISA/IEC 62443 Changes Introduced in 2024 

The 2024 updates to ISA/IEC 62443 reflect a maturing approach to OT security, incorporating practical feedback from real-world implementations and harmonizing with related standards and regulations such as ISO/IEC 27001, NIST SP 800-82, and the EU NIS2 Directive. 

Alignment with Risk Management Frameworks  

ISA/IEC 62443-2-1 and -3-2 have been updated to reflect methodologies found in ISO/IEC 27005 and NIST SP 800-30. The goal is to standardize risk assessment practices across IT and OT domains, enhancing the ability to prioritize investments based on threat likelihood and potential impact. 

Security Level Refinements 

The definitions and implementation guidance for Security Levels (SLs) have been refined to reduce ambiguity. Clearer distinctions are now made between SL2 and SL3, with industry-specific implementation examples. This helps organizations right-size their controls without over- or under-securing. 

Patch Management Enhancements 

62443-2-3 has expanded its guidance on patch management. The new language emphasizes testing patches in a representative test (sandbox) environment, validation before deployment, and defined timelines for deployment. For OT systems this testing should also confirm that the vendor has qualified the patch for the specific controller or application version in use, and a tested rollback path should exist before the patch reaches production. 

Secure Remote Access Requirements 

Remote access provisions, especially relevant after the shift to remote work during COVID, have been strengthened. Updates emphasize multi-factor authentication (MFA) on every remote session, per-session logging and real-time monitoring, and revocation of unused (dormant) credentials, including vendor and contractor accounts. Remote sessions should terminate on a brokered jump host in the IACS DMZ rather than connect directly into control-network zones. 
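
The following is an added example, not code from the article or from any product, showing how the three remote-access controls named above can be checked against gateway session logs: every login must carry MFA, every account must have recent use, and every provisioned account must appear in the log at all. The key=value log format, the account list, the 90-day dormancy threshold, and the reference date are assumptions made for the illustration; the log lines are constructed.

```python
"""Review constructed remote-access session logs for missing MFA, dormant
accounts and never-used accounts (added example; log format, accounts and
thresholds are assumptions, not taken from ISA/IEC 62443 or the article)."""
from datetime import datetime, timedelta

# Constructed sample log lines from a hypothetical remote-access gateway.
SAMPLE_LOG = """\
2024-05-02T08:14:03Z event=login user=vendor_acme src=203.0.113.7 mfa=yes target=eng-ws-01
2024-05-02T09:40:51Z event=logout user=vendor_acme src=203.0.113.7
2024-05-03T22:05:12Z event=login user=ops_remote src=198.51.100.23 mfa=no target=hmi-02
2024-01-10T11:02:45Z event=login user=vendor_beta src=203.0.113.40 mfa=yes target=plc-eng-01
2024-05-04T07:30:00Z event=login user=ops_remote src=198.51.100.23 mfa=yes target=hmi-02
"""

# Accounts provisioned on the gateway (constructed). Accounts that were never
# used only become visible by comparing this list against the log.
AUTHORIZED_ACCOUNTS = {"vendor_acme", "vendor_beta", "ops_remote", "contractor_old"}

# Fixed reference date so the sample review is reproducible.
REFERENCE_NOW = datetime(2024, 5, 10)


def parse_line(line):
    """Parse '<ISO-8601 UTC timestamp> key=value key=value ...' into a dict."""
    ts, *fields = line.split()
    rec = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def review_sessions(log_text, accounts, now, dormant_days=90):
    """Return the findings a revocation/MFA review would act on.

    no_mfa        : logins whose mfa field is anything other than 'yes'
                    (a missing field counts as a failure, so the check fails closed)
    dormant       : accounts whose last login is older than dormant_days
    never_used    : provisioned accounts with no login at all
    unknown_accounts: logins by accounts that are not on the provisioned list
    """
    records = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    logins = [r for r in records if r.get("event") == "login"]

    no_mfa = sorted((r["ts"].isoformat(), r["user"]) for r in logins if r.get("mfa") != "yes")

    last_seen = {}
    for r in logins:
        last_seen[r["user"]] = max(last_seen.get(r["user"], r["ts"]), r["ts"])

    cutoff = now - timedelta(days=dormant_days)
    dormant = sorted(user for user, ts in last_seen.items() if ts < cutoff)
    never_used = sorted(accounts - set(last_seen))
    unknown = sorted(set(last_seen) - accounts)
    return {"no_mfa": no_mfa, "dormant": dormant,
            "never_used": never_used, "unknown_accounts": unknown}


def review_sample():
    """Run the review over the constructed log with the fixed reference date."""
    return review_sessions(SAMPLE_LOG, AUTHORIZED_ACCOUNTS, REFERENCE_NOW)


if __name__ == "__main__":
    for finding, items in review_sample().items():
        print(f"{finding:16s} {items}")
```

Both `dormant` and `never_used` are candidates for revocation; `never_used` is the case most reviews miss because it never appears in the log, which is why the provisioned account list has to be an input to the review rather than something inferred from the sessions themselves.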

Strengthened SDL Practices 

Updates to 62443-4-1 emphasize deeper integration of threat modeling, secure coding practices, static and dynamic analysis, and third-party component validation. There is a focus on software supply chain security in light of attacks like SolarWinds. 

Software Bill of Materials (SBOMs) 

Component suppliers are now expected to maintain and provide machine-readable SBOMs (for example in SPDX or CycloneDX format) for their offerings. This lets asset owners match the libraries inside a product against published vulnerabilities without waiting for the vendor, and increases transparency throughout the supply chain. 

Incident Response and Recovery Protocols 

Organizations are now expected to maintain and test incident response plans. There is greater emphasis on forensic readiness, root cause analysis, and business continuity measures following cyber incidents. 

Certification Scheme Enhancements 

The ISASecure certification scheme for products and systems has been updated to reflect the above changes, providing clearer criteria and increasing global recognition. 

 

Recommendations for Compliance with the Revised ISA/IEC 62443 Standards 

Compliance with the revised ISA/IEC 62443 standards involves cross-functional engagement between OT, IT, and cybersecurity teams. Here are five actionable steps organizations can take: 

#1

Perform a Gap Assessment 

  • Use a cross-reference matrix to evaluate current practices against updated requirements. 
  • Focus on areas like SL assignments, remote access, and incident response planning. For SLs, compare the target level (SL-T) set for each zone with the level actually achieved (SL-A), foundational requirement by foundational requirement, so the gap list names specific controls rather than a single overall score. 
#2

Update Governance Policies 

  • Incorporate new patching timelines, remote access controls, and incident response steps into corporate policies. 
#3

Engage Suppliers and OEMs 

  • Require SBOMs and evidence of 62443-4-1 SDL conformance, such as ISASecure SDLA certification, rather than a self-declaration. 
  • Integrate ISA/IEC 62443 compliance into procurement and contractual language, including the SL-C the product must deliver for the zones it will be deployed in. 
#4

Invest in Monitoring and Detection 

  • Implement behavioral analytics, intrusion detection systems (IDS), and continuous monitoring for anomaly detection. In OT networks prefer passive, protocol-aware monitoring (for example off a SPAN port or tap): active scanning can disrupt controllers that do not tolerate unexpected traffic. 
#5

Train and Certify Personnel 

  • Offer ISA/IEC 62443-specific training for engineers, cybersecurity staff, and management. 
  • Encourage team members to pursue ISA's ISA/IEC 62443 cybersecurity certificate program (ISASecure certifies products and systems, not people). 

The Bottom Line on Compliance with ISA/IEC 62443  

The ISA/IEC 62443 updates in 2024 are a timely response to the dynamic and high-stakes world of industrial cybersecurity. For asset owners, integrators, and suppliers alike, adopting the updated standards is not just about compliance—it’s about building cyber-resilient industrial ecosystems capable of withstanding tomorrow’s threats.  

By taking a proactive, structured, and collaborative approach, organizations can ensure both operational continuity and regulatory readiness. 


Need help aligning with the 2024 ISA/IEC 62443 updates? 

Echelon’s experts work alongside OT and IT teams to navigate evolving standards, close compliance gaps, and build resilient industrial cybersecurity programs. From gap assessments to securing remote access design, we’re here to help you turn these updates into actionable security outcomes.

Are you ready to get started?