A Transfer Learning Approach to Unveil the Role of Windows Common Configuration Enumerations in IEC 62443 Compliance

TL;DR

This paper introduces a transfer learning method that uses Linux data to help automate and improve Windows compliance checks with IEC 62443-3-3 standards in industrial control systems.

Contribution

It presents a novel transfer learning approach to map Windows configuration enumerations to IEC standards, enhancing automation and understanding of cross-platform security compliance.

Findings

Automated compliance checks for Windows environments.

Identification of cross-platform configuration similarities.

Enhanced traceability in IEC 62443-3-3 compliance.

Abstract

Industrial control systems (ICS) depend on highly heterogeneous environments where Linux, proprietary real-time operating systems, and Windows coexist. Although the IEC 62443-3-3 standard provides a comprehensive framework for securing such systems, translating its requirements into concrete configuration checks remains challenging, especially for Windows platforms. In this paper, we propose a transfer learning methodology that maps Windows Common Configuration Enumerations (CCEs) to IEC 62443-3-3 System Security Requirements by leveraging labeled Linux datasets. The resulting labeled dataset enables automated compliance checks, analysis of requirement prevalence, and identification of cross-platform similarities and divergences. Our results highlight the role of CCEs as a bridge between abstract standards and concrete configurations, advancing automation, traceability, and clarity in IEC 62443-3-3 compliance for Windows environments.