The new inspection catalogue, the implementation of which is a prerequisite for a TISAX® label, entails significant changes and places a stronger focus on IT and OT availability in the production supply chain. In addition to adapting the existing test requirements (controls) in the "Information Security" section, which place greater emphasis on the importance of recognising and responding to security incidents and thus possible crisis situations, VDA-ISA V 6.0 introduces two completely new controls in this test area.
Controls 5.2.8 and 5.2.9 essentially include the obligation to implement measures to protect critical IT services and IT systems, as well as the implementation of measures in the area of data backup and recovery with a focus on the occurrence of security incidents in IT operations.
There are also requirements for the identification of these business-critical IT services and IT systems, as well as at least business continuity planning for the following attack scenarios:
For these scenarios, a robust strategy for prevention and treatment is required, as well as regular testing of the infrastructure through DDoS and penetration tests, as a simulation of attacks from outside and inside, i.e. from the Internet and from the organisation's internal networks.
In addition to ISO/IEC 27001 and BSI IT-Grundschutz, the references for these requirements also include ISA/IEC 62443-2-1 ("Security for industrial automation and control systems: Security programme requirements for IACS asset owners"), the NIST Cyber Security Framework and the NIST Special Publications (SP 800 series).
In particular, the reference to ISA/IEC 62443 emphasises the focus of cyber security requirements within industrial automation, i.e. within industrial networks and control systems.
Production is therefore increasingly becoming the focus of the new VDA ISA.
The aim of these requirements and the performance of penetration tests is to determine how effectively the IT and OT infrastructure is already protected and where there are still weak points in the architecture.
The protection objective of availability, for both infrastructure and services, together with the resilience of the organisation, are the key points to be checked here.
We are the professionals in the field of DDoS testing and TISAX consulting.
We support you in carrying out the required DDoS stress tests, evaluate the results with you according to the DRS score and suggest measures for further hardening your infrastructure, both in the IT and OT environment.
Furthermore, our certified consultants support you with the introduction of, and examination preparation for, the current TISAX® VDA-ISA catalogue as well as the standards NIS2, KRITIS, TISAX, VDA-ISA, ISO/IEC 27001, ISA/IEC 62443, NIST SP800 and BSI IT-Grundschutz.