IEC/ANSI 62443

Implement adequate controls across your infrastructure, achieve target security levels and deliver on business compliance requirements.


Industrial Control Systems and their Operational Technology assets remain a prime target for persistent attacks - particularly those deemed as Critical National Infrastructure (CNI).

These critical, high-risk systems have unique security requirements to prevent compromise - but how do you identify these? IriusRisk helps engineers and security analysts to quickly understand the security threats that apply to the design of a system.

To alleviate the challenges posed by the unique and increasingly complex requirements within Industrial Automation and Control Systems (IACS), we've built a dedicated module for the global standard created by the ISA Global Security Alliance. Engage the power of automated threat modeling and secure design for IEC/ANSI 62443.

IriusRisk is a technical member of the ISA Security Compliance Institute

"Companies like IriusRisk are key to enabling adoption of the ISA/IEC 62443 standards for supplier companies.

Commercial tools that simplify the threat analysis and compliance tasks during product development remove barriers to applying the ISA/IEC 62443 standards."

Andre Ristaino, ISA Managing Director, Consortia and Conformance Programs

Use IriusRisk Threat Modeling for...

  • Businesses that need to comply, build, and design according to IEC/ANSI 62443.
  • Manufacturers of network and industrial control systems, such as PLCs, controllers, sensors, etc.
  • Teams responsible for the maintenance of industrial control systems throughout the SDLC.
  • Medical technology and healthcare providers.
  • Operational technology industries and CNI, such as rail and transport, power stations, petrochemicals, water, recycling, metal and fabric manufacturing.

The challenges of adopting IEC/ANSI 62443 standards:

  • How do I navigate and prioritize controls according to risk?
  • How do I identify the threats to my infrastructure?
  • Where do I find the expertise (or the time) to identify and enact the specific controls necessary?
  • How do I know if I am compliant with IEC/ANSI 62443, or if I am meeting my target security level?
  • How do I know if the controls that I have implemented have adequately secured my infrastructure?

The answer? Start left.

  • Risk assessments: use threat modeling to define the specific controls required for assessment and uniquely applicable to your systems
  • Visualize your risk: establish your security baseline, and achieve your target security level
  • Produce your security requirements near-instantly using our 27 independently-configured components to remediate threats
  • Harness an instantly accessible library: all 186 pages of IEC/ANSI 62443 for software development: Parts 3-3 (Network and System Security) and 4-2 (Security for Industrial Automation and Control Systems)
  • Reduce hours of manual analysis to seconds: watch IriusRisk define your mandatory controls for each component