ANSI / ISA99 Standards

The International Society of Automation (ISA) worked on defining security standards for several years and the result is ISA99: Security for Industrial Automation and Control Systems, which has been approved by the American National Standards Institute (ANSI)

The ANSI / ISA99 standard focuses on containing communication in control subs-systems to avoid having issues in one area migrate to another area. Distinct areas of security are recommended, with control networks divided into Zones based on control function, and communication between the Zones controlled by Conduits. Multiple separated zones help to provide “zone-level security”.

A Zone is a grouping of logical or physical assets that share common security requirements based on factors such as criticality and consequence. Equipment in a zone has a security level capability and if that capability is not equal to or higher than the requirements, then extra security measures, such as implementing additional technology or policies, must be taken.

Conduits control access to Zones, resist Denial of Service (DoS) attacks or the transfer of malware, shield other network systems and protect the integrity and confidentiality of network traffic. Any communications between Zones must be via a Conduit.

How Tofino helps you comply with ANSI/ISA-99

Tofino Security Appliances act as Conduits to separate your control system into Zones. They have a zero configuration field deployment model and they are completely transparent to the control network on set-up. Once in place, TSAs are easily configured to control communication and traffic between Zones.

For example, TSAs can restrict Modbus communications to a list of ‘allowed’ commands defined by your control engineers. Any command that is not on the ‘allowed’ list, or any attempt to access a register or coil that is outside the allowed range, will be blocked and reported. 

For more information on ANSI/ISA-99 compliance and the Tofino™ Industrial Security Solution:

1. Download the presentation:

 "Building Intrinsically Secure Control and Safety Systems Using ANSI / ISA-99 Security Standards for Improved Security and Reliability"

2. Learn about the Tofino solution:

• Tofino Industrial Security Solution Overview
• Tofino Security Appliance
• Tofino Loadable Security Modules
• Tofino Central Management Platform

Learn more about ANSI/ISA-99

• Guide to the ISA99 Standards
• ANSI / ISA-99 Part 1
  • Security for Industrial Automation and Control Systems: Concepts, Terminology and Models

• ANSI/ISA-99 Part 2
  • Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program