Develop Secure High Availability Systems

These high availability system components provide security capabilities aligned with the technical requirements of IEC-62443-4-2. To determine whether a specific product, firmware revision, or configuration is certified, refer to the Rockwell Automation Product Certifications website: rok.auto/certifications
System Component
Cat. No.
Controller
All
ControlLogix®
5590 controller catalog numbers
Redundancy module
1756-RM3
Communication module
1756-EN4TR
IMPORTANT:
If enabled, the following features prevent the system from aligning with IEC-62443-4-2 requirements:
  • Secure socket objects
  • Remote deployment of save/restore images

Essential Functions of a High Availability System

Essential functions are the critical operations that a high-availability system must perform to maintain human safety, environmental protection, equipment health, and system availability. The IEC 62443-4-2 security standard defines the concept of essential functions. These essential functions represent the most critical functions of a product. Product security measures are designed to protect essential functions without adversely affecting them.
Rockwell Automation defines the essential functions of secure products at a high level, but it is your responsibility to identify and define the specific essential functions for your application. This step is crucial for risk assessments and threat modeling, as it determines which security measures to apply and how. The requirements tables in this chapter define the products, features, and configurations that you must use to comply with the 62443-4-2 specification. The requirements tables also provide optional security measures. It is your responsibility to determine whether to apply the optional security measures in your system.
Essential functions of
ControlLogix®
high availability and Logix SIS are the following:
  • Automated I/O operations
    • Gather control inputs
    • Process the user program
    • Send control outputs
  • Safety function in Logix SIS
  • High availability
For compliance with the IEC-62443-4-2 standard, it is your responsibility, and the functionality of the product, to make sure that the security policy and the security settings do not adversely impact the essential functions of the system. The security features of Logix SIS and
ControlLogix®
high availability systems are designed to protect the essential functions of the control system and your assets when they are configured according to instructions in the security checklist in this document and other relevant resources. Only trained users should deploy the security policy or modify security settings on operating controllers. Verify system security configurations by using the security checklists in the Configure System Security Features User Manual, publication SECURE-UM001.
IMPORTANT:
For compliance and to protect essential functions, you must comply with the guidelines in this document for security configuration and security policy deployment.
For more information to help you develop secure applications, see the publications that are listed below. You can view or download publications at rok.auto/literature.
Resource
Description
Security Design Guide Reference Manual, publication SECURE-RM001
Provides guidance on how to conduct vulnerability assessments, implement Rockwell Automation products in a secure system, harden the control system, manage user access, and dispose of equipment.
Configure System Security Features User Manual, publication SECURE-UM001
Provides
Windows®
infrastructure recommendations (domain controller) and guidance to configure and use these Rockwell Automation products:
  • FactoryTalk® Directory
  • FactoryTalk®
    Activation Manager
  • FactoryTalk® Security
  • FactoryTalk® AssetCentre
Logix 5000 Controllers Security Programming Manual, publication 1756-PM016
Describes how to configure security for the
Studio 5000 Logix Designer®
application.
CIP Security Application Technique, publication SECURE-AT001
Describes how to plan and implement a Rockwell Automation system that supports the
CIP Security
protocol.
Converged Plantwide Ethernet (CPwE) Design and Implementation Guide, publication ENET-TD001
Defines manufacturing-focused reference architectures to help accelerate the successful deployment of standard networking technologies and convergence of manufacturing and enterprise/business networks.
Securely Traversing IACS Data across the IDMZ Using Cisco Firepower Threat Defense Design and Implementation Guide, publication ENET-TD013
Describes security architecture use cases for design and deployment of an Industrial Demilitarized Zone (IDMZ) within Industrial Automation and Control System (IACS) applications.
Provide Feedback
Have questions or feedback about this documentation? Please submit your feedback here.
Normal