IEC 62443

IEC 62443 is the international standard for securing industrial automation and control systems. For UK manufacturers, system integrators, asset owners and product vendors operating in or supplying into critical infrastructure, it has become the benchmark against which OT cyber security is measured.

This page brings together everything Cytal publishes on IEC 62443, from understanding the framework to meeting its technical testing requirements and generating audit-ready compliance evidence.

What is IEC 62443?

IEC 62443 is a multi-part standard that addresses cyber security across the full industrial lifecycle. It covers general concepts and risk methodology, policies and procedures for asset owners, secure system integration, and secure product development for vendors. Unlike IT-focused frameworks, it is built for environments where safety, availability and legacy protocols are non-negotiable.

The standard defines Security Levels 1 through 4, each representing a progressively higher degree of protection against threat capability. Achieving a target security level requires both architectural controls and empirical evidence that components and systems behave securely under real conditions.

Why IEC 62443 Matters in the UK

IEC 62443 is not a UK statutory requirement, but it sits at the centre of how UK regulators and auditors expect OT cyber risk to be managed. It aligns with the Network and Information Systems Regulations, supports compliance with the NCSC Cyber Assessment Framework, and appears consistently in procurement contracts and supply chain security requirements across UK critical infrastructure sectors.

For many organisations, alignment with IEC 62443 is effectively mandatory in practice, even where it is not mandated by law.

How ProtoCrawler Supports IEC 62443 Compliance

Meeting IEC 62443 requires more than policies and network diagrams. Auditors expect empirical evidence that industrial protocols behave securely under adverse conditions and that devices fail safely when presented with malformed or unexpected traffic.

ProtoCrawler is Cytal’s automated protocol fuzz testing platform, built specifically for OT and embedded environments. It tests industrial protocols including Modbus, DNP3, IEC 61850 and IEC 60870-5-104 in a controlled and repeatable way, producing structured, scored outputs that map directly to IEC 62443 clause requirements.

Whether you are a product vendor working to IEC 62443-4-1 and 4-2, a system integrator validating a complete IACS environment, or an asset owner preparing for regulatory audit, ProtoCrawler generates the evidence you need.

Explore the IEC 62443 Guides

IEC 62443 Compliance in the UK: A Practical Guide for Industrial Organisations
The full compliance guide covering what IEC 62443 means in a UK regulatory context, how it connects to national frameworks and how to build a sustainable compliance strategy.

IEC 62443 Fuzz Testing: How to Meet Protocol Security Requirements
The technical guide covering which IEC 62443 clauses require protocol robustness testing, what audit evidence looks like and how ProtoCrawler satisfies those requirements clause by clause.

IEC 62443 Certification UK: What It Involves and How to Prepare
The practical guide to IEC 62443 certification routes in the UK, what assessors look for and how to build your evidence package.

IEC 62443 Compliance Testing: How to Meet the Standard’s Security Requirements
The practical guide to what IEC 62443 compliance testing involves, which clauses drive testing obligations and how to build audit-ready evidence.

IEC 62443 Security Testing Tools: What They Need to Do and How to Choose
A practical guide to the four categories of IEC 62443 security testing tools, what the standard requires from each and how to evaluate them for OT environments.

IEC 62443-4-2: Component Security Requirements and How to Meet Them
The detailed guide to IEC 62443-4-2 component types, foundational requirements, security levels and how protocol testing generates the evidence assessors require.

IEC 62443-4-1: Secure Development Lifecycle Requirements Explained
The complete guide to IEC 62443-4-1’s eight secure development practices, maturity levels and how Practice 6 testing obligations are met with ProtoCrawler.

IEC 62443 Framework: How the Standard Is Organised and How It Works
The complete guide to how the IEC 62443 framework is structured, what each group of standards covers and how asset owners, integrators and vendors use it in practice.

IEC 62443 Security Levels: What They Mean and How to Achieve Them
The practical guide to IEC 62443 security levels, how target and capability levels work, what testing each level requires and how to build evidence that supports a credible security level claim.

IEC 62443 vs NIST: How the Two Frameworks Compare and When to Use Each
A practical comparison of IEC 62443 and the NIST Cybersecurity Framework covering key differences, where they overlap and how UK and US industrial organisations use them together.

Ready to start your IEC 62443 compliance programme?

Book a demo to see how ProtoCrawler generates audit-ready evidence for IEC 62443 compliance in OT and industrial environments.
