Files
Anthropic-Cybersecurity-Skills/skills/implementing-iec-62443-security-zones/references/api-reference.md
T
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

1.7 KiB

API Reference: Implementing IEC 62443 Security Zones

Purdue Reference Model Levels

Level Name Assets
0 Process Sensors, actuators
1 Basic Control PLCs, RTUs, safety controllers
2 Area Supervisory HMIs, engineering workstations
3 Site Operations Historians, OPC servers, MES
3.5 DMZ Data diode, patch server
4 Enterprise ERP, email, business systems
5 External Internet, cloud, vendors

IEC 62443 Security Levels

SL Protection Against
SL1 Casual or coincidental violation
SL2 Intentional violation using simple means
SL3 Sophisticated attack with moderate resources
SL4 State-sponsored attack with extended resources

Zone Audit Checks

Check Severity Description
No SL-T defined CRITICAL Zone missing security level target
SL gap (achieved < target) HIGH Controls below target
No conduit controls CRITICAL Unprotected zone boundary
IT-OT bypass DMZ CRITICAL Direct Level 4/5 to Level 0/1
Remote access without MFA CRITICAL Unprotected remote conduit

Conduit Security Controls

Control Purdue Boundary Required
Protocol-aware firewall L0-L1, L1-L2 Yes
Data diode L3-DMZ Recommended
IDS/IPS L2-L3, DMZ Yes
VPN + MFA DMZ-External Yes

References