This standard describes how specific measures can be implemented in order to guarantee the IT-security of automated machines and plants; aspects of the automation devices, automation systems, and automation applications used are considered. A uniform, feasible procedure for ensuring IT security throughout the entire life cycle of automation devices, systems, and applications is described, based on common terms and definitions agreed by the manufacturers of automation devices and systems and their users (e.g., machine manufacturers, integrators, operators). The life cycle covers the development, integration, operation, migration, and decommissioning phases. This standard defines a simple procedure model for the development and description of IT-security. The model consists of eight steps.