ISA 6: The latest version of the ISA catalogue, published in October 2023, with many changes and improvements to address the challenges and needs of the industry.
Key changes in ISA 6: New and revised controls to strengthen protection, detection, response, recovery, and service continuity against cyber attacks, especially ransomware; new translations and references to other standards; more guidance and examples for implementation; updated data protection catalogue; removal of legacy structure and requirements.
Transition to ISA 6: A redline version of ISA 6 is available for download; the effective date for ISA 6 in TISAX is April 1st 2024; the transition rules are the same as in previous changes.
ISA 6 comes with a large set of changes and improvements that are detailed in this posting.
Changes with more focus on IT and OT availability of production suppliers; leading language is now English, with multiple translations planned; addition of further implementation guidance; completely revised data protection catalogue; new references to ISO/IEC 27001:2022 and NIST Cyber Security Framework Version 1.1; and.
New TISAX Assessment Proceedings ordered until March 31st, 2024, will be conducted using ISA version 5.
New TISAX Assessment Proceedings ordered from April 1st, 2024, will be conducted using ISA version 6.
Assessment activities related to an existing assessment such as corrective action plan assessments, follow-ups or scope extensions will be conducted using the same version as the original assessment.
The working group has ensured that all requirements in ISA/IEC 62443-2-1 are covered by ISA and that all controls from ISA chapter 5 are applicable.
As an outcome, all relevant control questions in ISA are now mapped to ISA/IEC 62443-2-1, and a few minor changes in requirements have been made to align fully with the standard.
The Working Group ISA has reworked key sections of the ISA that are vital to preventing the attacks.
This includes a completely new control, 1.3.4, that requires the secure management of software on clients as well as added requirements in 5.2.6 and 5.3.1.
The new control 1.6.1 is designed to ensure that it is clear what needs to be reported and that appropriate reporting mechanisms are established.
The new version of ISA, ISA 6, has introduced several new controls and requirements to minimize the impact of a successful attack and ensure an effective and timely recovery.
The new control 5.2.9 is designed to prepare an organization to recover from a successful attack on IT Systems and Services by having a solid backup and recovery concept.
In total, six completely new control questions along with new requirements to existing controls have been introduced.
Two ISA 5 controls for incident and crisis have become obsolete and are therefore no longer in ISA 6.
Recovery is necessary to limit the impact of a successful attack, regardless of whether the attack has escalated to a crisis or only affected isolated IT systems and business processes.
This Cyber News was published on www.sorinmustaca.com. Publication date: Sun, 17 Dec 2023 12:43:04 +0000