Requirements for Timely Response to Events
Security Component | Required to Meet IEC‑62443-4-2 SL 1 | Details |
|---|---|---|
FactoryTalk® AssetCentre software | Yes | Configure and use the following:
For more information, see the following:
|
Syslog collector | Yes, if not using FactoryTalk® AssetCentre for logging | The controller supports syslog event logging. Choose a syslog collector that supports the following:
IMPORTANT: The controller sends events to a syslog collector through a front Ethernet port. The Ethernet port must be connected to the same network as the syslog collector.To set the IP address of the syslog collector, use FactoryTalk® Policy Manager software. For more information, see CIP Security with Rockwell Automation Products Application Technique, publication SECURE-AT001.To view a list of syslog messages and their descriptions, see 1756-RD001. |
Controller change detection | Yes | Enable the change detection feature to monitor program components to determine whether they change. The change detection feature is not enabled by default. For more information, see Change Detection. |
Controller component tracking | May be required based on system design, threat model, and risk assessment | Enable component tracking to monitor configurable program components to determine whether they change. Component tracking is not enabled by default. For more information, see Component Tracking. |
Disabled controller log auto-write | Yes | The controller log stores security-related events that can be accessed via FactoryTalk® AssetCentre software. To help prevent the potential loss of controller logs before FactoryTalk® AssetCentre can access them, follow these guidelines:
By default, the controller log auto-write is disabled. For more information, see Controller Logging. |
Provide Feedback