What is the difference between IEC 62443 4 1 and 4 2 ?

IEC 62443-1 is a standard that provides high-level guidelines for developing an industrial automation and control system (IACS) security program. This standard is focused on the development of a security policy, rather than implementing specific security controls. It outlines principles and concepts, allowing organizations to adapt the guidelines to their individual circumstances.

In contrast, IEC 62443-2 is a more detailed technical standard that provides specific requirements for implementing security controls to protect industrial automation and control systems. It delves into the implementation aspects, detailing the technical controls and procedures that need to be in place to protect IACS. It covers different stages of a security program, including system design and integration, network segmentation, access control, security updates, and monitoring.

The primary objective of IEC 62443-1 is to provide a high-level overview of the security policy, while IEC 62443-2 offers more detailed technical guidance on implementing the security controls required to protect IACS. While both standards are important for securing IACS, they serve different purposes and cover distinct aspects of industrial cybersecurity.