Security Considerations
To help maintain a secure system, follow these guidelines:
- Limit physical access to authorized personnel.
- Implement physical barriers, such as locked cabinets.
- Only purchase products from official suppliers.
- Only download firmware and software from the Rockwell Automation official download portal at rok.auto/pcdc.
To secure networks and communication and data, follow these guidelines:
- Implement network technologies that filter, block, and control access to help secure networks.
- Configure authorization policies to define conditions for remote access.
- Select control products that offer security options.
To align your system with IEC 62443-4-2 security technical requirements, see Develop Secure High Availability Systems.
For more security-related information, see the following publications.
Resource | Description |
|---|---|
System Security Design Guidelines Reference Manual, publication
SECURE-RM001 | Provides guidance on how to conduct vulnerability assessments,
implement Rockwell Automation products in a secure system, harden
the control system, manage user access, and dispose of
equipment. |
Configure System Security Features User Manual, publication SECURE-UM001 | Describes how to configure and use Rockwell Automation products to
improve the security of your industrial automation system. |
CIP Security with Rockwell Automation Products Application Technique,
publication SECURE-AT001 | Describes how to plan and implement a Rockwell Automation system that
supports the CIP Security™ protocol. |
FactoryTalk Security Application Technique, publication SECURE-AT002 | Describes how to How to use FactoryTalk® Security to implement authentication and authorization in your industrial
automation system. Describes how to enforce product-specific
security for Studio 5000 Logix Designer® , FactoryTalk® View , and FactoryTalk® AssetCentre . |
Converged Plantwide Ethernet (CPwE) Design and Implementation Guide,
publication ENET-TD001 | Provides guidelines for how to design, implement, and manage
industrial Ethernet networks. |
Redundancy Module MicroSD Card Security
1756-RM3 redundancy modules have a
microSD™
card for the primary purpose of storing Tech Support logs that Rockwell
Automation can use to investigate the cause of a fault. The
microSD™
card is secured in the following ways:- Major fault data for the 1756-RM3 is stored on themicroSD™card in the Rockwell Automation folder. All sensitive data in this location is encrypted and only Rockwell Automation can decode the encrypted data.
- Data is saved to themicroSD™card in only one direction: from the internal memory of the redundancy module to themicroSD™card.
- Data stored on themicroSD™card cannot be read by the redundancy module firmware.
Provide Feedback