DURAG GmbH receives security certificate2022/11/01
Hamburg, 1st of November, 2022 – The requirements for IT security of products and services are constantly increasing both on the part of legislators and on the market. DURAG GmbH has now reacted and successfully applied for an internationally recognized certification for the development of "secure" products.
The normative framework for industrial security in automation is provided by the international series of standards IEC 62443 "Security for industrial automation and control systems". It defines the security requirements for the development process and the functional product properties.
For "secure" product development, the subordinate standard IEC 62443-4-1 describes the so-called "secure product development lifecycle requirements". This Secure Development Lifecycle Process (SDL) is intended to ensure that vulnerabilities are identified and eliminated throughout the life cycle of the system and individual components. To this end, the process also requires, for example, that all employees involved in development are appropriately qualified and trained, that the security requirements are traceable right through to implementation and that all necessary security tests are carried out.
"The implementation of the IEC 62443-4-1 standard part on the development side regarding the process requirements with, for example, the definition of the security context, threat analysis, secure-by-design concepts and implementations, vulnerability management as well as the establishment of security test methods were the decisive building blocks of the certification," explain Christian Deselaers and Carsten Neumann, who contributed significantly to the successful certification on the development side. "The process-based implementation ensures that security features and requirements are systematically considered from the design phase of new products, risks are identified and ideally preventively eliminated in the product."
The certification of the development processes was carried out by TÜV Süd. This means that DURAG GmbH is now demonstrably in a position to develop products securely.
The certificate can be downloaded here. Further information and guidance on vulnerability management can be found on our PSIRT website.