The increasing connectivity of the Industrial Internet of Things (IIoT) has transformed security compliance into a major challenge. Manufacturers currently face a disparate set of regulatory and technical requirements, leading to redundant compliance efforts. This paper addresses this inefficiency by developing a Unified Security Requirement Catalog. We consolidate security controls from heterogeneous frameworks (specifically IEC 62443, OWASP ISVS, the Cyber Resilience Act (TR 03183-01), and BSI C5:2020) into a single, actionable mapping. This catalog distinguishes itself by linking technical verification steps directly to high-level regulatory obligations. The utility of the framework was demonstrated through a prototypical implementation and validated via expert interviews. Feedback confirms the framework’s relevance and structural utility, offering a scalable solution for manufacturers aiming to optimize their compliance strategies across multiple standards.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A Unified Security Requirements Catalog for the Industrial IoT

  • Linda Maria Kölbel,
  • Leo Poss,
  • Stefan Schönig

摘要

The increasing connectivity of the Industrial Internet of Things (IIoT) has transformed security compliance into a major challenge. Manufacturers currently face a disparate set of regulatory and technical requirements, leading to redundant compliance efforts. This paper addresses this inefficiency by developing a Unified Security Requirement Catalog. We consolidate security controls from heterogeneous frameworks (specifically IEC 62443, OWASP ISVS, the Cyber Resilience Act (TR 03183-01), and BSI C5:2020) into a single, actionable mapping. This catalog distinguishes itself by linking technical verification steps directly to high-level regulatory obligations. The utility of the framework was demonstrated through a prototypical implementation and validated via expert interviews. Feedback confirms the framework’s relevance and structural utility, offering a scalable solution for manufacturers aiming to optimize their compliance strategies across multiple standards.