This standard establishes requirements for companies to provide assurance that their products have been manufactured in cybersecure environments, ensuring that there has been no risk of impact to the product due to any cybersecurity incident. Requirements are specified covering actions that need to be taken in the event that a cybersecurity incident is detected, identifying all possibly affected products.

The target audiences for this standard are companies within the electronics manufacturing industry, cybersecurity supply chain managers and related organizations. This standard applies to the manufacture of final products as well as all component materials, paths and storage areas. External logistics processes are also covered via their responsibility to their customer.

This standard also defines levels of cybersecurity management that provide a choice when adopting this standard to meet the appropriate need. Pathways exist to enable progression from a basic level of cybersecurity maturity to higher levels. Appropriate levels for companies to adopt may be determined based on IPC Product Classification as well as risk analysis across all possible use cases of products.

This standard also includes mechanisms for third-party assessment to the cybersecurity levels defined in this standard.