
OT Security

At a glance
The key takeaways are that the DeltaV DCS and SIS version 14.3 Feature Pack 1 systems have achieved ISASecure SSA Level 1 certification, and the development sites have also achieved ISASecure SDLA Level 1 certification. This provides assurance that security features are in place to deploy a defendable solution for process and safety controls according to the ISA 62443 security standards.

The purpose of the ISASecure SSA certification is to certify that the overall DeltaV and DeltaV SIS systems are compliant with relevant security standards like ISA/IEC 62443. It validates that the systems have the necessary security features, but the asset owner is responsible for proper implementation, configuration and maintenance as per the vendor's recommendations.

The reference architecture validated includes almost all DeltaV components, like the DeltaV controller, workstations, I/O, electronic marshalling, etc. It provides a sample architecture that can still maintain certification even if the final architecture varies, as long as it follows ISASecure SSA standards.

ISASecure SSA Certification for DeltaV and DeltaV SIS


Frequently Asked Questions

This FAQ addresses questions around the scope and relevance of the ISASecure® System Security Assurance
certification applied to DeltaV™ and DeltaV SIS products version 14.3 Feature Pack 1.
ISASecure SSA Certification for DeltaV and DeltaV SIS March 2019

Introduction
The DeltaV® DCS and SIS version 14.3 Feature Pack 1 is ISASecure System Security Assurance (SSA) Level 1 certified. The
development sites for DeltaV and DeltaV SIS platforms are also ISASecure Security Development Lifecycle Assurance (SDLA) Level
1 certified. These certifications assure asset owners that their DeltaV and DeltaV SIS systems have the security features to deploy
a defendable solution for process and safety controls. The system certification is one of the steps to achieve a deployed system
that follows the ISA 62443 security standards. The asset owner is responsible for requesting, implementing, and maintaining
security features as recommended by the vendor to continue to follow the security standards. Additionally, following the reference
architecture used in the certification is an important step to implement DeltaV and DeltaV SIS systems securely.

The DeltaV Security Manual provides rules and references to the ISA/IEC 62443-3-3 standard so that the path to security
compliance is explained with an actionable plan that helps asset owners manage their security posture and follow the security
standards. There are specific DeltaV components that must be deployed to comply with the ISASecure SSA Level 1 certified tested
architecture (as well as some other components that cannot be used). For example, when Electronic Marshalling is implemented,
the CHARM I/O Card (CIOC) version 2 is required as it meets the stringent certification test requirements for the ISASecure
certification programs. The CIOC version 2 is a drop-in replacement for the CIOC version 1.

For system expansions, upgrades, migrations, and other brownfield applications, additional considerations may apply as some
legacy DeltaV components are not included in the reference architecture validated during the ISASecure SSA certification. See the
FAQ section below for a list of components excluded from the ISASecure SSA certification. In that event, alternative components can
enable systems to be compliant with security standards.

To address other specific deviations from the reference architecture used in the DeltaV platform security certification, additional
mitigations might be required. Please consult with your local Emerson sales office to learn how to securely deploy your DeltaV
system to follow ISASecure SSA standards and certification.

Reference architecture validated during ISASecure SSA certification tests.

www.emerson.com/deltav 2

Frequently Asked Questions


In the following pages you will find answers to frequently asked questions to help you understand the benefits and scope of the
ISASecure SSA certification available for DeltaV and DeltaV SIS systems in v14.3.

1. Where can I find the ISASecure System Security Assurance certificate for the DeltaV and
DeltaV SIS systems?
ISASecure certifications can be accessed online at https://isasecure.org.

2. What is the correlation between the ISASecure standards and the ISA/IEC 62443 standards?
The ISA Security Compliance Institute (ISCI) offers three ISASecure conformance certification programs with four security assurance
levels, each aligned with the ISA/IEC 62443 series of standards, as listed below:

• ISASecure Security Development Lifecycle Assurance (SDLA) certification – assures development processes meet the security
  requirements specified in the ISASecure standards based on the ISA/IEC 62443-4-1 standard.
• ISASecure System Security Assurance (SSA) certification – applies to industrial control systems and assures the required security
  features can be supplied to build a defendable solution. Components within the system are subjected to robustness testing in this
  certification program based on the ISA/IEC 62443-3-3 and the ISA/IEC 62443-4-1 standards.
• ISASecure Embedded Devices Security Assurance (EDSA) certification – applies to components (embedded devices) of industrial
  control systems and assures the required security features of a component are met based on the ISA/IEC 62443-4-2 and the
  ISA/IEC 62443-4-1 standards.

3. What is the scope of this certification and what does it really mean?
DeltaV DCS and SIS version 14.3 Feature Pack 1 is ISASecure SSA Level 1 certified, a program that relies on a functional security
assessment based on the ISA/IEC 62443-3-3 standard. The ISASecure SSA certification also requires security development lifecycle
assurance. Therefore, Emerson sites in Austin, Texas, USA and Manila, Philippines are ISASecure SDLA Level 1 certified, ensuring that
the processes at these sites are followed to develop all new code in version 14.3 to meet the ISASecure standards. Finally, there is
also an overall system architecture testing for the ISASecure standards.

The overall certification process involves:

• Validation of revised product development procedures and the application of the new secure development processes for new
  code created in the targeted system release.
• Verification of system security features and functions in compliance with level 1 requirements listed in the ISA/IEC 62443-3-3
  standard. A reference architecture of a typically deployed DeltaV DCS and SIS was designed and considered for the generation of
  artifacts (data) to demonstrate that protections are implemented in accordance with the available documentation.
• Testing of the components in the reference architecture in different layers: asset discovery, vulnerability identification, network
  stress, and communication robustness. Tests are performed, and the success criteria are validated by confirming that documented
  essential functions are not affected during the tests.


These certifications assure asset owners that their DeltaV and DeltaV SIS systems have the security features to deploy a defendable
solution for process and safety controls.

4. Which certification body is responsible for issuing the ISASecure certification for the system?
exida® is the certification body that issued the ISASecure SSA and ISASecure SDLA certifications for the DeltaV DCS and SIS.

5. Is an ISASecure SSA Level 1 certified system fully compliant with all the ISA/IEC 62443 series
of standards?
No, but the ISASecure SSA certification covers the important standards of the ISA 62443 series from a development and deployment
perspective. The ISA 62443 series of standards provides basic principles of security for industrial control systems including
guidelines for service organizations, instructions for users, and patching recommendations, as well as the already mentioned
standards in this FAQ that relate to vendors, such as:
• Security development lifecycle
• Functional security
• Embedded devices security
The ISASecure SSA is a system certification and is more comprehensive than the ISASecure SDLA or the ISASecure EDSA
certifications alone because its scope includes the entire system as opposed to only code development or embedded devices.

6. Are DeltaV and DeltaV SIS products ISASecure EDSA certified?
No. In the DeltaV system v14.3 release, Emerson did not seek ISASecure EDSA certifications for individual embedded devices.
However, most DeltaV embedded devices are Achilles® Level 2 certified, and the ISASecure Security Compliance Institute recognizes
Achilles Test Platforms to run communication robustness tests for ISASecure SSA and EDSA certification programs.

7. Is Emerson ISASecure SDLA certified?
Emerson sites in Austin, Texas, USA and Manila, Philippines are ISASecure SDLA Level 1 certified.

8. What other steps should users follow to design, implement and maintain an ISASecure certified
industrial control system?
Emerson continues to develop DeltaV and DeltaV SIS systems to follow the ISA/IEC 62443 security standards and to provide security
features to build a defendable solution. Organizations must take additional steps to ensure they deploy an ISASecure certified
industrial control system. Documentation is available to explain how the system must be configured to maintain DeltaV system
security policies and deploy an ISASecure certified industrial control system.

The services organization responsible for the DeltaV system configuration and commissioning must also follow security standards
to implement the system without affecting its overall security protections. In fact, it is expected that the service organization is
aware of all security features available in the DeltaV system and how to configure them to meet the asset owner’s requirements.

Finally, the asset owner should understand the ISASecure SSA certification requirements and ensure any changes to the system are
validated before being implemented so that the security protections are maintained during the lifecycle of the DeltaV system.

9. How does the Achilles certification fit in the ISASecure SSA certification scheme?
There are different Achilles certifications: one dedicated to embedded and network devices (the Achilles Communication
Certification) and one designed for services (the Achilles Practices Certification). The Achilles Communication Certification
uses a test platform to validate system components. The Achilles Communications Certification is recognized by the
ISA Security Compliance Institute for the communication robustness tests of the ISASecure SSA and the ISASecure EDSA
certification programs. Both of these certifications (which are based on the ISA 62443 standards) are more comprehensive
than the Achilles Communications Certification because security development lifecycle assurance is not included in the Achilles
Communications Certification.


10. Can ISASecure SSA certified systems be re-configured / adjusted after deployment as long as they
follow the security best practices?
Yes. However, the asset owner needs to validate the changes to make sure that the system’s attack surface has not changed, and
no security protections have been defeated. The security policies and procedures of an ISASecure SSA certified system should be
revisited periodically so that any new risks are mitigated appropriately.

11. What DeltaV system components are not included in the ISASecure SSA certification?
The DeltaV system reference architecture considered in the ISASecure SSA certification includes most of the available components
provided by Emerson for DeltaV and DeltaV SIS systems. The architecture includes new features added in the DeltaV system v14.3
release as well as existing components that pass Achilles Communication Level 2 tests. The following components are not included
in the reference architecture for the ISASecure SSA certification of DeltaV:

• Any of the DeltaV Virtual I/O Modules (VIM and VIM2 – M-series or S-series)
• Any of the DeltaV Migration Controllers for Provox and RS3
• Any of the DeltaV Connect products
• Standalone DeltaV PK Controllers that are not connected to a full DeltaV DCS
• Standalone DeltaV SIS unless deployed with all security components listed in the certified reference architecture
• DeltaV MD+ and SD+ Controllers
• System Health Monitoring for DeltaV systems
• Components in retired status
• CHARM I/O Card version 1
  Note: the CIOC version 2 is a drop-in replacement for CIOC version 1 and is required for the ISASecure SSA certification if the
  system uses Electronic Marshalling.
• All WirelessHART™ Gateways available for DeltaV systems (Rosemount 1410, Rosemount 1420, and 1552WU)
• Cisco® switches (any model) on the control network
  Note: Only DeltaV Smart Switches are supported on the control network.

Note: The DeltaV Firewall-IPD is required in DeltaV system version 14.3 Feature Pack 1 to complete the ISASecure SSA Level 1
certified architecture. As described in the DeltaV Security Manual v5.0.0, the DeltaV Firewall-IPD has to be configured to
block SNMP (Simple Network Management Protocol) communications to DeltaV embedded devices to allow the DeltaV
architecture to be compliant with the ISASecure SSA requirements.

12. Are the Smart Logic Solvers SLS1508 included in the DeltaV and DeltaV SIS ISASecure
SSA certification?
Yes. All DeltaV SIS components are included in the ISASecure SSA certified reference architecture. This includes, but is not limited
to: Smart Logic Solvers SLS1508, SISNet Repeaters, CHARM Smart Logic Solvers (CSLS), Local Safety Network Bridges (LSNB), SZ
Controllers, and DeltaV Safety Switches.

Note: Unless deployed with all security components listed in the certified reference architecture, a standalone DeltaV SIS system is
not included in the certification.


13. Does the ISASecure SSA certification apply to all individual DeltaV hardware components?
No. The ISASecure SSA is a comprehensive certification for industrial control systems. Part of the certification process includes
individual product testing, but its objective is to certify that the overall system is compliant with the relevant security standards,
rather than to provide individual component certification.

14. Does the ISASecure SSA certification apply to standalone DeltaV PK Controllers?
No. The standalone implementation of the DeltaV PK Controller is not included in the certified ISASecure SSA reference architecture.
The standalone PK Controller is Achilles Communications Level 2 certified and it runs the same software as when it is deployed
within a DeltaV system (or when merged to the balance of the plant). However, the security boundaries and protections associated
with standalone deployments are not the same as the ones used on a complete DeltaV system architecture.

15. Do I need to deploy a system with the same components as the reference architecture used for
the ISASecure SSA certification to have a certifiable DeltaV system?
No. The reference architecture is a sample that includes almost all of the components that DeltaV systems can have and still be
considered a certifiable system, which helps maintain certification when different architectures are used. The final architecture will
still need to be deployed by service teams and maintained by users that understand the ISASecure SSA standards.

16. If I upgrade to DeltaV system version 14.3 Feature Pack 1, will my DeltaV system automatically be
ISASecure SSA certified?
No. The DeltaV DCS and SIS version 14.3 Feature Pack 1 are certifiable, meaning they meet the pre-requisites to enable a full system
to be deployed and certified against the ISASecure SSA certification. Architecture changes and additional components may
still be required after the system upgrade to version 14.3 to enable the deployed system to be validated against the ISASecure
SSA standards.


Where to find more information


• ISASecure website - www.isasecure.org/en-US/
• exida website - www.exida.com/

This product and/or service is expected to provide an additional layer of protection to your DeltaV system to help avoid certain types of
undesired actions. This product and/or service represents only one portion of an overall DeltaV system security solution. Emerson does not
warrant that the product and/or service or the use of the product and/or service protects the DeltaV system from cyber-attacks, intrusion
attempts, unauthorized access, or other malicious activity (“Cyber Attacks”). Emerson shall not be liable for damages, non-performance, or
delay caused by Cyber Attacks. Users are solely and completely responsible for their control system security, practices and processes, and for
the proper configuration and use of the security products.

Emerson
North America, Latin America:
+1 800 833 8314 or
+1 512 832 3774
Asia Pacific:
+65 6777 8211
Europe, Middle East:
+41 41 768 6111
www.emerson.com/deltav

©2018-2019, Emerson. All rights reserved.
The Emerson logo is a trademark and service mark of Emerson Electric Co. The DeltaV logo is
a mark of one of the Emerson family of companies. All other marks are the property of their
respective owners.
The contents of this publication are presented for informational purposes only, and while
diligent efforts were made to ensure their accuracy, they are not to be construed as warranties
or guarantees, express or implied, regarding the products or services described herein or their
use or applicability. All sales are governed by our terms and conditions, which are available on
request. We reserve the right to modify or improve the designs or specifications of our products
at any time without notice.
