BS PD IEC/TR 62443-2-3:2015是一份技术报告，描述了对资产所有者的要求 以及工业自动化和控制系统（IACS）产品供应商 现在正在维护一个IACS补丁管理程序。本技术报告建议采用一种已定义的格式来分发有关 从资产所有者到IACS产品供应商的安全补丁，这是一些 与IACS产品供应商开发补丁信息相关的活动 以及由资产所有者部署和安装补丁。交换格式和 定义了用于安全相关补丁的活动；然而，它也可能适用 用于非安全相关的修补程序或更新。技术报告没有区分为操作系统提供的补丁 系统（OSs）、应用程序或设备。它不区分产品 提供基础设施组件或IACS应用程序的供应商；它提供 适用于IACS的所有补丁的指南。此外，修补程序的类型可以是 解决缺陷、可靠性问题、可操作性问题或安全漏洞。注1:本技术报告不提供有关发现和试验的伦理和方法的指导 披露影响IAC的安全漏洞。这是本报告范围之外的一般性问题。注2:本技术报告不提供该期间漏洞缓解的指导 从发现漏洞到创建解决漏洞的修补程序的日期。 对于 作为IACS安全管理系统的一部分，关于缓解安全风险的多种对策的指南 （IACS-SMS），参考本技术报告附录B.4.5、B.4.6和B.8.5以及IEC中的其他文件 62443系列。交叉引用:IEC TS 62443-1-1IEC 62443-2-1IEC 62443-2-1IEC 62443-2-4IEC 62443-4-1ISO 639-1:2002ISO 3166-1:2006ISO 3166-2:2007ISO 4217:2008ISO 8601:2004ECE/TRADE/C/CEFACT/2009/24ECE/TRADE/C/CEFACT/2009/25购买本文件时可提供的所有现行修订版。

BS PD IEC/TR 62443-2-3:2015, which is a Technical Report, describes requirements for asset owners and industrial automation and control system (IACS) product suppliers that have established and are now maintaining an IACS patch management program.This Technical Report recommends a defined format for the distribution of information about security patches from asset owners to IACS product suppliers, a definition of some of the activities associated with the development of the patch information by IACS product suppliers and deployment and installation of the patches by asset owners. The exchange format and activities are defined for use in security related patches; however, it may also be applicable for non-security related patches or updates.The Technical Report does not differentiate between patches made available for the operating systems (OSs), applications or devices. It does not differentiate between the product suppliers that supply the infrastructure components or the IACS applications; it provides guidance for all patches applicable to the IACS. Additionally, the type of patch can be for the resolution of bugs, reliability issues, operability issues or security vulnerabilities.NOTE 1 This Technical Report does not provide guidance on the ethics and approaches for the discovery and disclosure of security vulnerabilities affecting IACS. This is a general issue outside the scope of this report.NOTE 2 This Technical Report does not provide guidance on the mitigation of vulnerabilities in the period between when the vulnerability is discovered and the date that the patch resolving the vulnerability is created. For guidance on multiple countermeasures to mitigate security risks as part of an IACS security management system (IACS-SMS), refer to, Annexes B.4.5, B.4.6 and B.8.5 in this Technical Report and other documents in the IEC 62443 series.Cross References:IEC TS 62443-1-1IEC 62443-2-1IEC 62443-2-1IEC 62443-2-4IEC 62443-4-1ISO 639-1:2002ISO 3166-1:2006ISO 3166-2:2007ISO 4217:2008ISO 8601:2004ECE/TRADE/C/CEFACT/2009/24ECE/TRADE/C/CEFACT/2009/25All current amendments available at time of purchase are included with the purchase of this document.