IEC 62443 Security Mapping
Map internet-exposed OT assets to IEC 62443 zone and conduit security requirements.
IEC 62443 defines a defense-in-depth approach to industrial cybersecurity through zones, conduits, and security levels. The standard assumes that zone boundaries prevent unauthorized communication—but internet-exposed OT devices represent zone boundary failures visible only from the outside.
ShiftSix identifies these boundary failures from the adversary’s perspective, mapping exposed assets to specific IEC 62443 system requirements (SR) to support certification and compliance efforts.
How ShiftSix Maps to IEC
Human User Identification and Authentication
Exposed OT devices with default, missing, or weak authentication violate foundational identification and authentication requirements.
Software Process and Device Identification
ShiftSix identifies exposed devices by manufacturer, model, and firmware version—mapping to device identification requirements and revealing unauthorized devices.
Communication Integrity
Internet-exposed industrial protocols (Modbus, DNP3) transmit data without encryption or integrity protection, violating communication integrity requirements.
Network Segmentation
Any OT device reachable from the internet indicates a zone boundary failure. ShiftSix identifies these failures from the outside—the perspective that matters most.
Network and Security Configuration Auditing
Continuous external monitoring detects configuration changes that create new internet exposure paths, supporting ongoing audit requirements.