ControlLogix 5590 Controller User Manual

Requirements for Data Confidentiality

Requirements for Data Confidentiality
Security Component	Required to Meet IEC‑62443-4-2 SL 1	Details
FactoryTalk® Security software	Yes	Configure FactoryTalk® Security to define policies, user groups, and other permission sets. The FactoryTalk® Services Platform offers feature access control to manage user access to product features such as controller download, project import, project create, and firmware update. In FactoryTalk® Security , define which users can change controller modes and download projects to the controller. Security authority binding restricts the controller to a specific FactoryTalk® Security instance. This binding reduces the attack surface for security server spoofing because the client software and the security software determine the identity of the security authority responsible for controlling access. For more information, see Configure System Security Features User Manual, SECURE-UM001 .
FactoryTalk® Policy Manager software	Yes	Use the FactoryTalk® Policy Manager software to define a secure data transport over an EtherNet/IP™ network to the controller. For more information, see Configure System Security Features User Manual, SECURE-UM001 .
License-based source and execution protection	May be required based on system design, threat model, and risk assessment.	Configure licenses to manage access to controller source logic and execution of that logic. These licenses are not enabled by default. License-based source protection limits access to projects to only users with the required license. Users without the required license cannot open the project or import components that are protected by the license. License-based execution protection allows execution of the component only on a specific controller family, or only on controllers in a specific controller family that contain the execution license. License-based source protection cannot restrict access to safety logic and safety Add-On Instructions. For more information, see License-based Source and Execution Protection.
Access to tag data	May be required based on system design, threat model, and risk assessment.	Configure the following attributes in the Logix Designer application to control access to tag data: External Access attribute—Controls how external applications can access tags. Constant attribute—Determines if controller logic can change a tag.
SD card encryption	May be required based on system design, threat model, and risk assessment.	If your system allows for microSD memory card use, the load process to the memory card encrypts and digitally signs the project by using the controller key. The memory card itself is not encrypted. When you save (load) firmware to the memory card, the process stores encrypted firmware and certificates on the memory card. Do not use a Message to Self (MSG with a Path of THIS) to auto-write controller logs or manually force a write of controller logs to the memory card. This can help prevent against potential loss of controller logs before FactoryTalk® AssetCentre can read them. For more information, see Use the Memory Card.

Develop Secure Applications

Provide Feedback

Have questions or feedback about this documentation? Please submit your feedback here.

Normal