Restrict Access to Safety-lock and Safety-unlock Functionality
To provide additional layers of protection, you can use two methods to restrict access to safety-lock and safety-unlock functionality:
- FactoryTalk Security—To comply with IEC-62443-4-2 SL 1 security certification, you must use FactoryTalk Security to configure restricted access to safety-lock and safety-unlock actions. For information about setting these permissions, see the Configure System Security Features User Manual, publication SECURE-UM001.
- Safety passwords—You can set separate passwords that are required to safety-lock or safety-unlock the controller. Passwords are optional and not required for IEC-62443-4-2 SL 1 security certification. For security certification requirements, see the GuardLogix and Compact GuardLogix User Manual, publication 1756-UM543.
IMPORTANT:
For added security, enable CIP Security on the controller before you set password protection. For non-redundant controllers, we recommend that you enable CIP Security on the front Ethernet port of the controller. For more information about CIP Security, see CIP Security with Rockwell Automation Products, publication SECURE-AT001.
To set password protection for safety-lock or safety-unlock actions, follow these steps.
- On the Logix Designer menu bar, click Tools > Safety > Change Passwords.
- In the What Password field, select Safety Lock or Safety Unlock.
- Enter the old password, if one exists.
- Enter and confirm the new password.
- Click OK.TIP: Passwords can be from 1…40 characters in length and are not case-sensitive. Letters, numerals, and the following symbols can be used: ‘ ~ ! @ # $ % ^ & * ( ) _ + , - = { } | [ ] \ : ; ? / . To clear an existing password, enter a new password of zero length.IMPORTANT: Rockwell Automation does not provide any form of password or security override services. When products and passwords are configured, Rockwell Automation encourages customers to follow good security practices and to plan accordingly for password management.
Provide Feedback