{"id":41086,"date":"2024-10-12T15:36:23","date_gmt":"2024-10-12T19:36:23","guid":{"rendered":"https:\/\/netfoundry.io\/?post_type=resources&p=41086"},"modified":"2026-01-29T12:15:22","modified_gmt":"2026-01-29T17:15:22","slug":"netfoundry-and-zero-trust-outcomes-in-isa-iec-62443","status":"publish","type":"resources","link":"https:\/\/netfoundry.io\/resources\/netfoundry-and-zero-trust-outcomes-in-isa-iec-62443\/","title":{"rendered":"NetFoundry and Zero Trust Outcomes in ISA\/IEC 62443"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t
\n\t\t
NetFoundry<\/a><\/div>\n\t\t<\/div>\n\t\t<\/div>\n\t\t<\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

NetFoundry and Zero Trust Outcomes in ISA\/IEC 62443<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
Solution Brief<\/a><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"NetFoundry\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Introduction to ISA\/IEC 62443 Standards<\/strong><\/h2>\n

ISAGCA<\/span><\/a> has published a paper titled<\/span> Zero Trust Outcomes Using ISA\/IEC 62443 Standards<\/span><\/a>. This paper investigates the intersection of IEC 62443 and Zero Trust principles and the benefits of various roles of the adoption of Zero Trust concepts to enhance ISA\/IEC 62443-based security practices. Specifically, the paper identifies some of the direct overlap between Zero Trust and the requirements of the IEC 62443 specification. NetFoundry can enable these requirements at the network level as part of an overall security design, and we will explain how.<\/span><\/span><\/p>\n

<\/p>\n

NetFoundry Cloud<\/span><\/a>, powered by NetFoundry\u2019s Ziti architecture and the<\/span> OpenZiti<\/span><\/a> open source, is a software-defined networking solution, designed to provide secure connectivity and enable Zero Trust architectures, providing full network operations capabilities. It is well suited for use in the OT\/ICS space as it does not assume a human user-to-application use case, as many solutions do, though it can serve that need. <\/span><\/p>\n

The network layer focus of the solution allows it to be used in much more resource-constrained environments and in a broad set of use cases, many of which are applicable to the industrial space. It also has a focus on availability which is critical for safety first, can run in air gapped networks, and can support L2 and real-time communications all of which are critical for running in OT environments which need to comply to 62443 and other regulations.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Zero Trust Framework<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Explore how NetFoundry enhances IEC 62443 security through Zero Trust principles and architecture.<\/p><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Secure OT Framework<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Integrating NetFoundry\u2019s Zero Trust with IEC 62443 standards for enhanced security.<\/p><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

ISA\/IEC 62443 Overview<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Exploring the integration of NetFoundry\u2019s Zero Trust principles within ISA\/IEC 62443 security standards.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\"NetFoundry\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

SOURCE: <\/span>Zero Trust Outcomes Using ISA\/IEC 62443 Standards<\/span><\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Protect Surface, Network Flow \/ Zones, Conduits<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The ISA\/IEC 62443 concept of a zone is a grouping of 1 or more nodes that share a set of security requirements.\u00a0 Zero Trust refers to these as segments, network segments, that can be protected as a unit to enforce certain security requirements. As the number of hosts or applications approaches one, these are referred to as microsegments. A microsegmented network provides a more generally secure environment, limiting many attack vectors allowing for lateral movement within an environment.<\/span>
<\/span>
<\/span>NetFoundry has made their Ziti Platform available via open source in the OpenZiti project. OpenZiti software and the SDKs used to embed the solution into applications allows for many forms of segmentation, including application specific microsegmentation – or <\/span>\u2018AppNets\u2019<\/span><\/a>. There are 3 general architectures for deploying Ziti technology. It is important to note that these are not mutually exclusive, and all 3 can be deployed within the same network and even overlapping, depending on the requirements of the given situation. You can read more <\/span>here<\/span><\/a>.<\/span><\/p>