CSA-204

ISA Security Compliance Institute –

Component Security Assurance –
Instructions and Policies for Use of the ISASecure ® Symbol and Certificate

Version 3.3
August 2019

Copyright © 2010-2019 ASCI - Automation Standards Compliance Institute, All rights reserved

1
CSA-204-3.3
A. DISCLAIMER
ASCI and all related entities, including the International Society of Automation (collectively, “ASCI”) provide all
materials, work products and, information (‘SPECIFICATION’) AS IS, WITHOUT WARRANTY AND WITH ALL
FAULTS, and hereby disclaim all warranties and conditions, whether express, implied or statutory, including, but not
limited to, any (if any) implied warranties, duties or conditions of merchantability, of fitness for a particular purpose, of
reliability or availability, of accuracy or completeness of responses, of results, of workmanlike effort, of lack of viruses,
and of lack of negligence, all with regard to the SPECIFICATION, and the provision of or failure to provide support or
other services, information, software, and related content through the SPECIFICATION or otherwise arising out of the
use of the SPECIFICATION. Also, there is no warranty or condition of title, quiet enjoyment, quiet possession,
correspondence to description, or non-infringement with regard to the SPECIFICATION.

Without limiting the foregoing, ASCI disclaims all liability for harm to persons or property, and users of this
SPECIFICATION assume all risks of such harm.

In issuing and making the SPECIFICATION available, ASCI is not undertaking to render professional or other services
for or on behalf of any person or entity, nor is ASCI undertaking to perform any duty owed by any person or entity to
someone else. Anyone using this SPECIFICATION should rely on his or her own independent judgment or, as
appropriate, seek the advice of a competent professional in determining the exercise of reasonable care in any given
circumstances.

B. EXCLUSION OF INCIDENTAL, CONSEQUENTIAL AND CERTAIN OTHER DAMAGES

To the maximum extent permitted by applicable law, in no event shall ASCI or its suppliers be liable for any special,
incidental, punitive, indirect, or consequential damages whatsoever (including, but not limited to, damages for loss of
profits or confidential or other information, for business interruption, for personal injury, for loss of privacy, for failure to
meet any duty including of good faith or of reasonable care, for negligence, and for any other pecuniary or other loss
whatsoever) arising out of or in any way related to the use of or inability to use the SPECIFICATION, the provision of or
failure to provide support or other services, information, software, and related content through the SPECIFICATION or
otherwise arising out of the use of the SPECIFICATION, or otherwise under or in connection with any provision of this
SPECIFICATION, even in the event of the fault, tort (including negligence), misrepresentation, strict liability, breach of
contract of ASCI or any supplier, and even if ASCI or any supplier has been advised of the possibility of such
damages.

C. OTHER TERMS OF USE

Except as expressly authorized by prior written consent from the Automation Standards Compliance Institute, no
material from this document owned, licensed, or controlled by the Automation Standards Compliance Institute may be
copied, reproduced, republished, uploaded, posted, transmitted, or distributed in any way, except for non-commercial
use only, provided that you keep intact all copyright and other proprietary notices. Modification of the materials or use
of the materials for any other purpose, such as creating derivative works for commercial use, is a violation of the
Automation Standards Compliance Institute’s copyright and other proprietary rights.

2
CSA-204-3.3
Revision history
version date changes

1.3 2010.09.22 Initial version published to http://www.ISASecure.org

2.0 2011.10.21 Add support for separate CRT laboratories
Change certificate to certified device logo and add errata version
used, use registered symbol instead of trademark indicator for
2.1 2015.04.15
ISASecure, add ISO/IEC 17065 reference, add definition of
ISASecure version
Add line to certificate format referencing ANSI/ISA-62443-4-1 and
2.6 2018.02.05 IEC 62443-4-1; add these standards to references; incorporate
erratum from EDSA-102 v3.1
Update for ANSI/ISA-62443-4-2: add this standard as normative
reference, incorporate certificate format from ISASecure -116 for
2.7 2018.08.29
new maintenance of cert policy and addition of line to certificate
format referencing the standard
Change title from EDSA-204 to CSA-204; update for all 4-2
component types; remove CRT; use term capability security level
3.3 2019.08.013
in certificate and text; change logo on certificate from certified
device to certified component

3
CSA-204-3.3
 Contents

1 Scope 6
2 Normative references 6
3 Definitions and abbreviations 6
3.1 Definitions 6
3.2 Abbreviations 9
4 ISASecure symbol and references 9
4.1 General 9
4.2 Use by ISASecure chartered laboratory 9
4.3 Use by component vendor 10
5 Certificates 10
6 Change in accreditation status 11
7 Modification of the ISASecure symbol 12
8 Use of accreditation certificates and symbol 12

4
CSA-204-3.3
 Foreword

This is one of a series of documents that defines the ISASecure® CSA (Component Security Assurance)
certification program for software applications, embedded devices, host devices, and network devices. These
are the component types defined by the standard IEC 62443-4-2 that are used to build control systems.
ISASecure CSA is developed and managed by the industry consortium ISA Security Compliance Institute
(ISCI). A description of the ISASecure CSA program and the current list of documents related to ISASecure
component security assurance can be found on the web site http://www.ISASecure.org.

5
CSA-204-3.3
1 Scope
This document outlines the procedure and conditions which govern the use of the ISASecure ® symbol and
certificate by ISASecure CSA chartered laboratories and component vendors, and any references to their
ASCI license by such laboratories. The reference [CSA-100] provides an overall description of the ISASecure
CSA program. The program certifies software applications, embedded devices, host devices, and network
devices, as defined in [IEC 62443-4-2]. One or more of these definitions may apply to a component.

2 Normative references
[CSA-100] ISCI Component Security Assurance – ISASecure certification scheme, as specified at
http://www.ISASecure.org

[CSA-202] ISCI Component Security Assurance – Application and Contract for Chartered Laboratories ,
internal ISCI document

[CSA-205] ISCI Component Security Assurance – Certificate Document Format, as specified at

http://www.ISASecure.org

[CSA-301] ISCI Component Security Assurance – Maintenance of ISASecure certification, as specified at

http://www.ISASecure.org

[ISASecure-117] ISCI ISASecure Certification Programs - Policy for transition to CSA 1.0.0 and SSA 4.0.0,
as specified at http://www.ISASecure.org
NOTE The following pairs of references that have the same document number 62443-m-n, provide the same technical standard, as
published by the organizations ANSI/ISA and IEC.
[ANSI/ISA-62443-4-1] ANSI/ISA-62443-4-1-2018 Security for industrial automation and control systems Part
4-1: Secure product development lifecycle requirements
[IEC 62443-4-1] IEC 62443-4-1:2019 Security for industrial automation and control systems Part 4 -1: Secure
product development lifecycle requirements
[ANSI/ISA-62443-4-2] ANSI/ISA-62443-4-2-2018 Security for industrial automation and control systems Part
4-2: Technical security requirements for IACS components
[IEC 62443-4-2] IEC 62443-4-2:2019 Security for industrial automation and control systems Part 4 -2:
Technical security requirements for IACS components
[ISO/IEC 17065] ISO/IEC 17065, “Conformity assessment - Requirements for bodies certifying products,
processes, and services”, September 15, 2012

[ISO/IEC 17025] ISO/IEC 17025, “General requirements for the competence of testing and calibration
laboratories”, November 2017

[ISO/IEC 17011] ISO/IEC 17011, “Conformity assessment – General requirements for accreditation bodies
accrediting conformity assessment bodies”, November 2017

[ISO/IEC 17000] ISO/IEC 17000 “Conformity assessment — Vocabulary and general principles”

[ISO/IEC 28] ISO/IEC Guide 28, "Conforming assessment – Guidance on a third-party certification system for
products,” 2004

[ISO/IEC 23] ISO/IEC Guide 23 “Methods of indicating conformity with standards for third -party certification
systems,” 1982

3 Definitions and abbreviations

3.1 Definitions

As a general rule, definitions of ISO/IEC 17000 are applicable.

6
CSA-204-3.3
3.1.1
accreditation body
third party that performs attestation, related to a conformity assessment body, conveying a formal
demonstration of its competence to carry out specific conformity assessment

3.1.2
accreditation body logo
logo used by an accreditation body to identify itself.

3.1.3
accreditation certificate
formal document or a set of documents issued by an accreditation body, stating that accreditation has been
granted for the defined scope.

3.1.4
accreditation symbol
symbol issued by an accreditation body to be used by chartered laborat ories to indicate their accredited
status.

3.1.5
capability security level
level that indicates capability of meeting a security level natively without additional compensating
countermeasures when properly configured and integrated

3.1.6
conformity assessment body
body that performs conformity assessment services and that can be the object of accreditation
NOTE Examples are a laboratory, inspection body, product certification body, management system certification body and
personnel certification body. This is an ISO/IEC term and concept.

3.1.7
certifier
chartered laboratory
NOTE This term is used when a shorter designation for t his organization is more appropriate to the context.

3.1.8
chartered laboratory
organization chartered by ASCI to evaluate products and/or processes under one or more ISASecure
certification programs and to grant certifications under one or more of these programs
NOTE A chartered laboratory is the conformity assessment body for the ISASecure CSA program.

3.1.9
component
entity belonging to an IACS that exhibits the characteristics of one or more of a host device, network device,
software application, or embedded device

3.1.10
embedded device
special purpose device running embedded software designed to directly monitor, control or actuate an
industrial process
NOTE Attributes of an embedded device are: no rotating media, limited number of exposed services, pr ogrammed through an
external interface, embedded OS or firmware equivalent, real -time scheduler, may have an attached control panel, may have a
communications interface. Examples are: PLC, field sensor devices, SIS controller, DCS controller .

3.1.11
host device
general purpose device running an operating system (for example Microsoft Windows OS or Linux) capable
of hosting one or more software applications, data stores or functions from one or more suppliers
NOTE Typical attributes include filesystem(s), programmable services, no real time scheduler and full HMI (keyboard, mouse, etc.) .

7
CSA-204-3.3
3.1.12
ISASecure symbol
graphic affixed or displayed to designate that ISASecure certification has been achieved
NOTE The ISASecure symbol is the mark of conformity for the ASCI ce rtification scheme. The symbol or mark is licensed by ASCI
for use by suppliers that have achieved certified products and by ISASecure laboratories to signify their participation in the ISASecure
program.

3.1.13
ISASecure version
ISASecure certification criteria in force at a particular point in time, defined by the set of document versions
that define the certification program, and identified by a 3 -place number such as ISASecure CSA 1.0.0

3.1.14
network device
device that facilitates data flow between devices, or restricts the flow of data, but may not directly interact
with a control process
NOTE Typical attributes include embedded OS or firmware, no HMI, no real -time scheduler and configured through an exter nal
interface.

3.1.15
software application
one or more software programs and their dependencies that are used to interface with the process or the
control system itself (for example, configuration software and historian)
NOTE 1 Software applications typically e xecute on host devices or embedded devices.
NOTE 2 Dependencies are any software programs that are necessary for the software application to function such as database
packages, reporting tools, or any third party or open source software.

8
CSA-204-3.3
3.2 Abbreviations

The following abbreviations are used in this document .

ANSI American National Standards Institute
ASCI Automation Standards Compliance Institute
DCS distributed control system
CSA component security assurance
HMI human-machine interface
IACS industrial automation and control system(s)
IAF International Accreditation Forum
ILAC International Laboratory Accreditation Cooperation
ISCI ISA Security Compliance Institute
ISA International Society of Automation
IEC International Electrotechnical Commission
ISO International Organization for Standardization
OS operating system
PLC programmable logic controller
SIS safety instrumented system

4 ISASecure symbol and references

4.1 General

The ISASecure symbol is defined as the sequence of letters “ISASecure,” where the first four letters only are
capitalized. The ISASecure symbol shall be displayed only in the appropriate form, size, and color detailed
on the ISASecure website: http://www.ISASecure.org.

When displayed in isolation such as on a product box or letterhead, the ISASecure symbol shall always be
accompanied by the trademark notation, as in ISASecure ® . When used within a document that has several
occurrences of the symbol, such as a brochure or press release, the first occurrence shall have the
trademark notation. In addition, in this case, the document shall also include the statement:

ISASecure ® is a registered Trademark of ASCI. All rights reserved.

An ISASecure chartered laboratory and/or its clients shall neither use the ISASecure symbol in any
misleading manner, nor shall imply in use of the symbol or in any reference that ASCI or ISCI approves of its
products.

In particular, a chartered laboratory and/or its clients shall not use the ISASecure symbol in any way that
might mislead the reader regarding the status of the laboratory or the certification of a component or a
specific version of a component.

All references that contain the ISASecure symbol shall clearly define the particular ISASecure certification
program to which they are related, which in the present case would be the ISASecure CSA certification
program.

4.2 Use by ISASecure chartered laboratory

When a chartered laboratory displays the ISASecure symbol in printed or online documentation, its license
number (chartered laboratory identification, in five -digit format) issued by ASCI shall be printed centrally
under the ISASecure symbol. Its accreditation number may also appear.

In particular, the ISASecure symbol may be displayed on organizational stationery/letterhead by a chartered

laboratory only if the mark or title of the laboratory is also shown, along with its license number.

9
CSA-204-3.3
The following is an example of correct use of the ISASecure symbol by a chartered laboratory:

ISASecure ® CSA

Accreditation Number: WWWWW

License Number: XXXXX

A chartered laboratory is entitled to use the phrase, "An ISASecure Chartered Laboratory – Accreditation
number WWWWW, License Number XXXXX" in combination with the ISASecure symbol.

To request approval to use one of the above phrases, a laboratory shall:

a) Submit a request to use the wording to the ASCI Managing Director; and

b) Submit a pictorial representation of how the wording is to appear

c) Submit a pictorial representation of how the wording is to appear in conjunction with the
accreditation body’s mark/symbol, the ISASecure symbol or any other mark or symbol of conformity.

The ASCI Managing Director shall respond within 30 days as to whether the use of the wording as proposed
by the laboratory is acceptable.

The chartered laboratory shall bear responsibility for obtaining any required copyrights and for monitoring the
use of the wording and ensuring that the wording is not misused.

ISASecure laboratories are entitled to incorporate the ISASecure symbol in public material that refers to
accredited services, provided that the conditions in this procedure are met. ISASecure laboratories are also
entitled to make general reference to the ASCI license provided they ensure that ASCI recognition is not
implied for aspects of any program for which the laboratory is not recognized.

Any use of the ISASecure symbol by a laboratory that might contravene the conditions set out in this
procedure will be considered a misuse of the symbol and subject to legal action which may include
withdrawal of the ASCI license, or publication of the transgression or other action deemed necessary by
ASCI to maintain the integrity of its mark.

4.3 Use by component vendor

When a vendor for a certified component displays the ISASecure symbol in printed or online documentation,
the certification number issued by the certification body (chartered laboratory) shall be printed centrally under
the ISASecure symbol, The ISASecure version and certification level shall also appear.

The following is an example of correct use of the ISASecure symbol by a component vendor:

ISASecure ® CSA 1.0.0 Capability Security Level 1

Certification number: YYYYY

The vendor may place the ISASecure symbol on a certified component or its packaging. The decision to do
this should take into account that the symbol may not appear on product versions that are not certified. The
product versions to which a certification applies are described in [CSA-301].

As specified in [ISO/IEC 17065], the consequences of transgressions by clients of a chartered laboratory are
managed by the chartered laboratory.

5 Certificates
The certification certificate issued by a chartered laboratory to its clients must be the one recognized by the
ASCI program. The document [CSA-205] posted on the ISASecure website contains the approved certificate

10
CSA-204-3.3
format in an editable form suitable for use as a template. Figure 1 illustrates this format. If alterations are
made to the approved certificate, prior to its use, the ASCI Managing Director must approve the certification
certificate used by the chartered laboratory.

In the example certificate, the component certified fit the definition for both an embedded device and a
network device. In this case requirements for both kinds of components apply, and both component types are
shown on the certificate.
NOTE Additional explanation regarding the content shown on this certificate can be found in [CSA-301].

Figure 1 - Example Certificate

6 Change in accreditation status

Upon withdrawal or suspension of its accreditation, a chartered laboratory shall immediately cease to display
or issue certificates and any other materials displaying the ISASecure symbol, license or containing
reference to ASCI recognition.

11
CSA-204-3.3
7 Modification of the ISASecure symbol
Upon any modifications to the ISASecure symbol, ASCI must immediately inform ISASecure laboratories of
its changes and proper use. The effective date for the use of the new symbol must be published on the
website: http://www.ISASecure.org.

8 Use of accreditation certificates and symbol

A chartered laboratory use of the accreditation certificates issued by the accreditation body and the
associated symbols must follow the policies and procedures of the accreditation body.

——————

12
CSA-204-3.3