{"id":51311,"date":"2026-02-23T17:16:49","date_gmt":"2026-02-23T16:16:49","guid":{"rendered":"https:\/\/www.gt-engineering.it\/?post_type=normativa_tecnica&p=51311"},"modified":"2026-02-23T17:21:48","modified_gmt":"2026-02-23T16:21:48","slug":"the-foundation-requirements-fr","status":"publish","type":"normativa_tecnica","link":"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iec-standards\/iec-62443-series\/the-foundation-requirements-fr\/","title":{"rendered":"The Foundation Requirements (FR)"},"content":{"rendered":"\n\n \n \n \n
\n\n \n
\n \n
\n \n <\/div>\n <\/div>\n \n \n \r\n\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n <\/picture>\r\n\r\n \r\n\r\n \r\n \r\n <\/div>\n \n
\n \n
\n

In Functional Safety, to reach a certain level of SIL, concepts like Random and Systematic Failures <\/strong>play a fundamental role.<\/p>\n

In IACS Security (or OT Security) a high protection is reached thanks to a number of \u201ctools\u201d or \u201ctechniques\u201d called Foundation Requirements (FR). Each FR describes a characteristics or \u201cProtection\u201d the IACS should have.<\/p>\n

The IEC 62442 defines 7 Foundation Requirements (FRs) <\/strong>and they form the core structure for both system and component security requirements. Each Foundation Requirement addresses a different aspect of cybersecurity<\/strong> and together they form a comprehensive defense-in-depth framework<\/strong>.<\/p>\n

    \n
  1. FR 1 \u2013 Identification and Authentication Control (IAC). <\/strong>It ensures users and devices are properly identified and authenticated.<\/li>\n
  2. FR 2 \u2013 Use Control (UC). <\/strong>It ensures that authenticated users can only perform permitted actions.<\/li>\n
  3. FR 3 \u2013 System Integrity (SI). <\/strong>It protects the system from unauthorized modification or malicious code.<\/li>\n
  4. FR 4 \u2013 Data Confidentiality (DC). <\/strong>It protects sensitive data from unauthorized disclosure.<\/li>\n
  5. FR 5 \u2013 Restricted Data Flow (RDF). <\/strong>It controls and limits communication between zones and conduits.<\/li>\n
  6. FR 6 \u2013 Timely Response to Events (TRE). <\/strong>It ensures the system can detect, report, and respond to security events.<\/li>\n
  7. FR 7 \u2013 Resource Availability (RA). <\/strong>It ensures the system continues operating even under adverse conditions (e.g., DoS attacks).<\/li>\n<\/ol>\n

    Hereafter, they are described more in depth.<\/p>\n<\/div> <\/div>\n \n \n

    <\/div>\n \n\n <\/div>\n <\/section>\n\n \n\n\n\n\n \n \n \n\n\n\n\n \n \n \n
    \n\n \n
    \n \n
    \n \n \n

    \n FR 1 \u2013 Identification and Authentication Control (IAC) <\/h2>\n <\/div>\n <\/div>\n \n \n
    \n \n
    \n

    Purpose: <\/strong>Ensure that all users, devices, and software entities are properly identified and authenticated before accessing the system.<\/p>\n

    Description:<\/strong> This requirement ensures that only authorized entities can access system resources. It includes mechanisms such as usernames and passwords, certificates, tokens, or other authentication methods. Authentication must be appropriate to the risk level and may apply to humans, devices, or applications.<\/p>\n

    Strong identification and authentication prevent unauthorized access and impersonation, which are often the first steps in cyberattacks.<\/p>\n

    Examples of controls:<\/strong><\/p>\n

      \n
    • \n
        \n
      • Unique user accounts (no shared credentials)<\/li>\n
      • Strong password policies or certificates<\/li>\n
      • Multi-factor authentication where required<\/li>\n
      • Device authentication for network access<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/div> <\/div>\n \n \n
        <\/div>\n \n\n <\/div>\n <\/section>\n\n \n\n\n\n\n \n \n \n
        \n\n \n
        \n \n
        \n \n \n

        \n FR 2 \u2013 Use Control (UC) <\/h2>\n <\/div>\n <\/div>\n \n \n
        \n \n
        \n

        Purpose:<\/strong> Ensure that authenticated users can only perform actions they are authorized to perform.<\/p>\n

        Description: <\/strong>Use Control focuses on authorization rather than authentication. Once a user or system is authenticated, their actions must be restricted according to defined roles and permissions. This limits accidental misuse and reduces the potential impact of compromised credentials.<\/p>\n

        Examples of controls:<\/strong><\/p>\n

          \n
        • \n
            \n
          • Access Control Lists (ACL)<\/li>\n
          • Privilege separation (operator vs engineer vs administrator)<\/li>\n
          • Access restrictions for safety-critical functions<\/li>\n
          • Enforcement of least-privilege principles<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/div> <\/div>\n \n \n
            <\/div>\n \n\n <\/div>\n <\/section>\n\n \n\n\n\n\n \n \n \n
            \n\n \n
            \n \n
            \n \n \n

            \n FR 3 \u2013 System Integrity (SI) <\/h2>\n <\/div>\n <\/div>\n \n \n
            \n \n
            \n

            Purpose: <\/strong>Protect the system against unauthorized or unintended modification.<\/p>\n

            Description: <\/strong>System Integrity ensures that software, firmware, configurations, and data remain trustworthy and unaltered unless changes are authorized. This includes protection against malware, unauthorized configuration changes, and tampering.<\/p>\n

            Examples of controls:<\/strong><\/p>\n

              \n
            • \n
                \n
              • Secure boot and firmware integrity checks<\/li>\n
              • Malware detection and prevention<\/li>\n
              • Configuration management and change tracking<\/li>\n
              • Code signing and update verification<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/div> <\/div>\n \n \n
                <\/div>\n \n\n <\/div>\n <\/section>\n\n \n\n\n\n\n \n \n \n
                \n\n \n
                \n \n
                \n \n \n

                \n FR 4 \u2013 Data Confidentiality (DC) <\/h2>\n <\/div>\n <\/div>\n \n \n
                \n \n
                \n

                Purpose:<\/strong> Prevent unauthorized access to sensitive information.<\/p>\n

                Description: <\/strong>This requirement ensures that sensitive data\u2014such as operational data, credentials, or proprietary information\u2014is protected from disclosure. While confidentiality is often less critical than availability in OT environments, it is still essential for preventing espionage and lateral attacks.<\/p>\n

                Examples of controls:<\/strong><\/p>\n

                  \n
                • \n
                    \n
                  • Encryption of data in transit and at rest<\/li>\n
                  • Secure communication protocols<\/li>\n
                  • Access controls for sensitive data repositories<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/div> <\/div>\n \n \n
                    <\/div>\n \n\n <\/div>\n <\/section>\n\n \n\n\n\n\n \n \n \n
                    \n\n \n \n \n \n \n
                    <\/div>\n \n\n <\/div>\n <\/section>\n\n \n\n\n\n\n \n \n \n
                    \n\n \n
                    \n \n
                    \n \n \n

                    \n FR 5 \u2013 Restricted Data Flow (RDF) <\/h2>\n <\/div>\n <\/div>\n \n \n
                    \n \n
                    \n

                    Purpose:<\/strong> Control and limit communication paths within and between systems.<\/p>\n

                    Description:<\/strong> This requirement enforces segmentation of the system into zones and conduits, ensuring that data flows only where explicitly permitted. It minimizes attack propagation and limits the blast radius of a compromise.<\/p>\n

                    Examples of controls:<\/strong><\/p>\n

                      \n
                    • \n
                        \n
                      • Network segmentation and zoning<\/li>\n
                      • Firewalls and industrial security gateways<\/li>\n
                      • Whitelisting of communication paths and protocols<\/li>\n
                      • Demilitarized zones (DMZs) between IT and OT networks<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/div> <\/div>\n \n \n
                        <\/div>\n \n\n <\/div>\n <\/section>\n\n \n\n\n\n\n \n \n \n
                        \n\n \n
                        \n \n
                        \n \n \n

                        \n FR 6 \u2013 Timely Response to Events (TRE) <\/h2>\n <\/div>\n <\/div>\n \n \n
                        \n \n
                        \n

                        Purpose:<\/strong> Ensure timely detection, reporting, and response to cybersecurity events.<\/p>\n

                        Description: <\/strong>Systems must be capable of detecting abnormal or malicious activity and generating alerts so that operators can respond before damage occurs. This includes logging, monitoring, and alarm mechanisms.<\/p>\n

                        Examples of controls:<\/strong><\/p>\n

                          \n
                        • \n
                            \n
                          • Security event logging and alerting<\/li>\n
                          • Intrusion detection systems (IDS)<\/li>\n
                          • Time synchronization for accurate event correlation<\/li>\n
                          • Incident response procedures<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/div> <\/div>\n \n \n
                            <\/div>\n \n\n <\/div>\n <\/section>\n\n \n\n\n\n\n \n \n \n
                            \n\n \n
                            \n \n
                            \n \n \n

                            \n FR 7 \u2013 Resource Availability (RA) <\/h2>\n <\/div>\n <\/div>\n \n \n
                            \n \n
                            \n

                            Purpose: <\/strong>Ensure the system remains operational and resilient under adverse conditions.<\/p>\n

                            Description: <\/strong>Resource Availability focuses on protecting the system against denial-of-service conditions, equipment failures, or resource exhaustion. It is especially critical in industrial environments where downtime can have safety or economic consequences.<\/p>\n

                            Examples of controls:<\/strong><\/p>\n

                              \n
                            • \n
                                \n
                              • Redundancy and failover mechanisms<\/li>\n
                              • Capacity management and load control<\/li>\n
                              • Protection against denial-of-service attacks<\/li>\n
                              • Backup power and communication paths<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/div> <\/div>\n \n \n
                                <\/div>\n \n\n <\/div>\n <\/section>\n\n \n","protected":false},"excerpt":{"rendered":"

                                In Functional Safety, to reach a certain level of SIL, concepts like Random and Systematic Failures play a fundamental role.<\/p>\n","protected":false},"author":2,"featured_media":51308,"parent":51140,"menu_order":3,"template":"","meta":{"_acf_changed":false,"footnotes":""},"normative-tecniche":[58],"class_list":["post-51311","normativa_tecnica","type-normativa_tecnica","status-publish","has-post-thumbnail","hentry","tipologia_normativa-en-iec-standards"],"acf":{"sottotitolo":"","allegati":null},"yoast_head":"\nThe Foundation Requirements (FR) - Gt-Engineering<\/title>\n<meta name=\"description\" content=\"IEC 62443 Core Requirements: IACS Cybersecurity framework covering authentication, integrity, confidentiality and availability.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iec-standards\/iec-62443-series\/the-foundation-requirements-fr\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Foundation Requirements (FR) - Gt-Engineering\" \/>\n<meta property=\"og:description\" content=\"IEC 62443 Core Requirements: IACS Cybersecurity framework covering authentication, integrity, confidentiality and availability.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iec-standards\/iec-62443-series\/the-foundation-requirements-fr\/\" \/>\n<meta property=\"og:site_name\" content=\"Gt-Engineering\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-23T16:21:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.gt-engineering.it\/wp-content\/uploads\/2026\/02\/immagine-copertina-FR-1024x683.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"683\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iec-standards\/iec-62443-series\/the-foundation-requirements-fr\/\",\"url\":\"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iec-standards\/iec-62443-series\/the-foundation-requirements-fr\/\",\"name\":\"The Foundation Requirements (FR) - Gt-Engineering\",\"isPartOf\":{\"@id\":\"https:\/\/www.gt-engineering.it\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iec-standards\/iec-62443-series\/the-foundation-requirements-fr\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iec-standards\/iec-62443-series\/the-foundation-requirements-fr\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.gt-engineering.it\/wp-content\/uploads\/2026\/02\/immagine-copertina-FR.png\",\"datePublished\":\"2026-02-23T16:16:49+00:00\",\"dateModified\":\"2026-02-23T16:21:48+00:00\",\"description\":\"IEC 62443 Core Requirements: IACS Cybersecurity framework covering authentication, integrity, confidentiality and availability.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iec-standards\/iec-62443-series\/the-foundation-requirements-fr\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iec-standards\/iec-62443-series\/the-foundation-requirements-fr\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iec-standards\/iec-62443-series\/the-foundation-requirements-fr\/#primaryimage\",\"url\":\"https:\/\/www.gt-engineering.it\/wp-content\/uploads\/2026\/02\/immagine-copertina-FR.png\",\"contentUrl\":\"https:\/\/www.gt-engineering.it\/wp-content\/uploads\/2026\/02\/immagine-copertina-FR.png\",\"width\":1536,\"height\":1024,\"caption\":\"La norme IEC 62443 d\u00e9finit 7 exigences fondamentales (FRs)\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iec-standards\/iec-62443-series\/the-foundation-requirements-fr\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.gt-engineering.it\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Technical standards\",\"item\":\"https:\/\/www.gt-engineering.it\/en\/normative-tecniche\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"EN IEC Standards\",\"item\":\"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iec-standards\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"IEC 62443 Series\",\"item\":\"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iec-standards\/iec-62443-series\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"The Foundation Requirements (FR)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.gt-engineering.it\/en\/#website\",\"url\":\"https:\/\/www.gt-engineering.it\/en\/\",\"name\":\"Gt-Engineering\",\"description\":\"bizonweb\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.gt-engineering.it\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The Foundation Requirements (FR) - Gt-Engineering","description":"IEC 62443 Core Requirements: IACS Cybersecurity framework covering authentication, integrity, confidentiality and availability.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iec-standards\/iec-62443-series\/the-foundation-requirements-fr\/","og_locale":"en_US","og_type":"article","og_title":"The Foundation Requirements (FR) - Gt-Engineering","og_description":"IEC 62443 Core Requirements: IACS Cybersecurity framework covering authentication, integrity, confidentiality and availability.","og_url":"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iec-standards\/iec-62443-series\/the-foundation-requirements-fr\/","og_site_name":"Gt-Engineering","article_modified_time":"2026-02-23T16:21:48+00:00","og_image":[{"width":1024,"height":683,"url":"https:\/\/www.gt-engineering.it\/wp-content\/uploads\/2026\/02\/immagine-copertina-FR-1024x683.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iec-standards\/iec-62443-series\/the-foundation-requirements-fr\/","url":"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iec-standards\/iec-62443-series\/the-foundation-requirements-fr\/","name":"The Foundation Requirements (FR) - Gt-Engineering","isPartOf":{"@id":"https:\/\/www.gt-engineering.it\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iec-standards\/iec-62443-series\/the-foundation-requirements-fr\/#primaryimage"},"image":{"@id":"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iec-standards\/iec-62443-series\/the-foundation-requirements-fr\/#primaryimage"},"thumbnailUrl":"https:\/\/www.gt-engineering.it\/wp-content\/uploads\/2026\/02\/immagine-copertina-FR.png","datePublished":"2026-02-23T16:16:49+00:00","dateModified":"2026-02-23T16:21:48+00:00","description":"IEC 62443 Core Requirements: IACS Cybersecurity framework covering authentication, integrity, confidentiality and availability.","breadcrumb":{"@id":"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iec-standards\/iec-62443-series\/the-foundation-requirements-fr\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iec-standards\/iec-62443-series\/the-foundation-requirements-fr\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iec-standards\/iec-62443-series\/the-foundation-requirements-fr\/#primaryimage","url":"https:\/\/www.gt-engineering.it\/wp-content\/uploads\/2026\/02\/immagine-copertina-FR.png","contentUrl":"https:\/\/www.gt-engineering.it\/wp-content\/uploads\/2026\/02\/immagine-copertina-FR.png","width":1536,"height":1024,"caption":"La norme IEC 62443 d\u00e9finit 7 exigences fondamentales (FRs)"},{"@type":"BreadcrumbList","@id":"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iec-standards\/iec-62443-series\/the-foundation-requirements-fr\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.gt-engineering.it\/en\/"},{"@type":"ListItem","position":2,"name":"Technical standards","item":"https:\/\/www.gt-engineering.it\/en\/normative-tecniche\/"},{"@type":"ListItem","position":3,"name":"EN IEC Standards","item":"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iec-standards\/"},{"@type":"ListItem","position":4,"name":"IEC 62443 Series","item":"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iec-standards\/iec-62443-series\/"},{"@type":"ListItem","position":5,"name":"The Foundation Requirements (FR)"}]},{"@type":"WebSite","@id":"https:\/\/www.gt-engineering.it\/en\/#website","url":"https:\/\/www.gt-engineering.it\/en\/","name":"Gt-Engineering","description":"bizonweb","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.gt-engineering.it\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/www.gt-engineering.it\/en\/wp-json\/wp\/v2\/normativa_tecnica\/51311","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.gt-engineering.it\/en\/wp-json\/wp\/v2\/normativa_tecnica"}],"about":[{"href":"https:\/\/www.gt-engineering.it\/en\/wp-json\/wp\/v2\/types\/normativa_tecnica"}],"author":[{"embeddable":true,"href":"https:\/\/www.gt-engineering.it\/en\/wp-json\/wp\/v2\/users\/2"}],"version-history":[{"count":1,"href":"https:\/\/www.gt-engineering.it\/en\/wp-json\/wp\/v2\/normativa_tecnica\/51311\/revisions"}],"predecessor-version":[{"id":51315,"href":"https:\/\/www.gt-engineering.it\/en\/wp-json\/wp\/v2\/normativa_tecnica\/51311\/revisions\/51315"}],"up":[{"embeddable":true,"href":"https:\/\/www.gt-engineering.it\/en\/wp-json\/wp\/v2\/normativa_tecnica\/51140"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.gt-engineering.it\/en\/wp-json\/wp\/v2\/media\/51308"}],"wp:attachment":[{"href":"https:\/\/www.gt-engineering.it\/en\/wp-json\/wp\/v2\/media?parent=51311"}],"wp:term":[{"taxonomy":"tipologia_normativa","embeddable":true,"href":"https:\/\/www.gt-engineering.it\/en\/wp-json\/wp\/v2\/normative-tecniche?post=51311"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}