Develop Secure High Availability Systems
These high availability system components provide security capabilities aligned with the
technical requirements of IEC-62443-4-2. To determine whether a specific product, firmware
revision, or configuration is certified, refer to the Rockwell Automation Product
Certifications website: rok.auto/certifications
System Component | Cat. No. |
|---|---|
Controller | All ControlLogix® 5590 controller catalog numbers |
Redundancy module | 1756-RM3 |
Communication module | 1756-EN4TR |
IMPORTANT:
If enabled, the following features prevent the system from aligning with IEC-62443-4-2
requirements:
- Secure socket objects
- Remote deployment of save/restore images
Essential Functions of a High Availability System
Essential functions are the critical operations that a high-availability system must
perform to maintain human safety, environmental protection, equipment health, and system
availability. The IEC 62443-4-2 security standard defines the concept of essential
functions. These essential functions represent the most critical functions of a product.
Product security measures are designed to protect essential functions without adversely
affecting them.
Rockwell Automation defines the essential functions of secure products at a high level, but
it is your responsibility to identify and define the specific essential functions for your
application. This step is crucial for risk assessments and threat modeling, as it determines
which security measures to apply and how. The requirements tables in this chapter define the
products, features, and configurations that you must use to comply with the 62443-4-2
specification. The requirements tables also provide optional security measures. It is your
responsibility to determine whether to apply the optional security measures in your
system.
Essential functions of
ControlLogix®
high availability and Logix SIS are the following:- Automated I/O operations
- Gather control inputs
- Process the user program
- Send control outputs
- Safety function in Logix SIS
- High availability
For compliance with the IEC-62443-4-2 standard, it is your responsibility, and the
functionality of the product, to make sure that the security policy and the security
settings do not adversely impact the essential functions of the system. The security
features of Logix SIS and
ControlLogix®
high availability systems are designed to protect the essential functions of the control
system and your assets when they are configured according to instructions in the security
checklist in this document and other relevant resources. Only trained users should deploy
the security policy or modify security settings on operating controllers. Verify system
security configurations by using the security checklists in the Configure System Security
Features User Manual, publication SECURE-UM001.
IMPORTANT:
For compliance and to protect essential functions, you must comply with the guidelines
in this document for security configuration and security policy deployment.
For more information to help you develop secure applications, see the publications that are
listed below. You can view or download publications at rok.auto/literature.
Resource | Description |
|---|---|
Security Design Guide Reference Manual, publication SECURE-RM001 | Provides guidance on how to conduct vulnerability assessments, implement Rockwell
Automation products in a secure system, harden the control system, manage user
access, and dispose of equipment. |
Configure System Security Features User Manual, publication SECURE-UM001 | Provides Windows® infrastructure recommendations (domain controller) and guidance to configure
and use these Rockwell Automation products:
|
Logix 5000 Controllers Security Programming Manual, publication 1756-PM016 | Describes how to configure security for the Studio 5000 Logix Designer® application. |
CIP Security Application Technique, publication SECURE-AT001 | Describes how to plan and implement a Rockwell Automation system that supports
the CIP Security™ protocol. |
Converged Plantwide Ethernet (CPwE) Design and Implementation Guide, publication
ENET-TD001 | Defines manufacturing-focused reference architectures to help accelerate the
successful deployment of standard networking technologies and convergence of
manufacturing and enterprise/business networks. |
Securely Traversing IACS Data across the IDMZ Using Cisco Firepower Threat
Defense Design and Implementation Guide, publication ENET-TD013 | Describes security architecture use cases for design and deployment of an
Industrial Demilitarized Zone (IDMZ) within Industrial Automation and Control
System (IACS) applications. |
Provide Feedback