Protect Access to Device Configuration and the Controller Project

To prevent accidental changes to critical security settings by unauthorized or untrained users, follow these best practices:
  • Restrict access to security settings—Limit access to the security configuration for the redundant controller, redundancy module, and secure communication module to authorized, trained personnel only.
  • Use hardware-based protection—Enable Explicit Protect Mode by using hard Run mode on controllers and rotary switches on 1756-EN4TR modules.
  • Secure workstations—Restrict access to any workstation running
    FactoryTalk® Policy Manager
    , which is used to deploy security policies to the redundant chassis pair.
  • Restrict physical access—Place the redundant chassis pair in locked cabinets or restricted-access locations to prevent unauthorized physical interaction.
In the
FactoryTalk® Administration Console
, you can protect access to the following:
  • The
    FactoryTalk® Linx
    device configuration and webpages for 1756-RM3 and 1756-EN4TR modules in the redundant chassis pair
    Permissions for device configuration
  • Logix Designer project for the redundant controller
    To restrict access to the configuration interface for a 1756-EN4TR module in the Logix Designer application, define the access controls for 'Module: Modify Properties'.
    Permissions for controller project
For more information about how to protect access to device configuration and the controller project, see the FactoryTalk Security Application Technique, publication SECURE-AT002.
Provide Feedback
Have questions or feedback about this documentation? Please submit your feedback here.
Normal